Skip to content
Pass Microsoft, Cisco, Sap and Salesforce Exams
Menu
  • Home
  • Exams
  • Certifications
  • Cloud Computing
  • Cyber Security
  • Contact Us
  • Log in
  • Sign up
Menu

AWS Security Compliance Programs

Posted on 2024-09-042024-09-04 by zeusexam

AWS Security Compliance Programs

How does Amazon measure its success when it comes to compliance with security best practices and regulations? Through the success of its many customers! Customers drive AWS efforts in these categories (to name just a few):

Compliance reports

Attestations

Certifications

Compliance programs and your adherence to them will help you implement excellent security at scale in AWS. This should also help you realize cost savings overall when it comes to your security implementation.

Amazon, especially once you are a customer, will communicate its security responsibilities, successes, failures, and overall efforts using the following means:

Obtaining industry certifications

Obtaining independent, third-party attestations

Publishing security information white papers and web content

Providing certificates, reports, and other documents to customers, sometimes under a nondisclosure agreement (NDA)

Amazon also provides the following to customers:

Functionality through security features

Compliance playbooks

Mapping documents

AWS also offers a robust risk and compliance program that helps with the following:

Risk management

Control environments

Information security

Amazon regularly scans all public-facing points for vulnerabilities. It even uses independent, third-party firms to perform threat assessments against its technologies and infrastructure. If you (as a customer) are interested in performing penetration (pen) testing against your resources, you may do so, but you must be careful to pen test only your resources. You are not permitted to perform penetration tests against other customers or AWS. So, for example, you can freely pen test one of your own EC2 servers, but you cannot penetration test the EC2 service itself.

Remember, as a customer of AWS, you must do the following:

Engage in a robust security lifecycle approach that includes a review phase, a design phase, and phases of identification and verification. The identification phase should include external controls that are required to secure the customer resources.

Understand the required compliance objectives.

Establish a control environment.

Understand the validation based on risk tolerances.

Consistently verify the effectiveness of the security measures deployed.

A product to help you with compliance in AWS is AWS Artifact. This service offers on-demand access to AWS compliance reports and other documentation. AWS Artifact makes it easier for customers to understand the security and compliance posture of the AWS services they use, as well as to meet their own compliance requirements.

Fortunately, there are many other services to assist with governance and compliance in your AWS solutions, including the following:

CloudWatch: This monitoring and observability service allows you to collect, analyze, and visualize data from various AWS resources and applications in real time. With features like customizable dashboards, alarms, and logs, CloudWatch enables you to gain insights into the performance, health, and operational efficiency of your AWS infrastructure, facilitating proactive management and optimization of resources.

CloudTrail: This logging service records and monitors all API calls made on the AWS platform, offering a comprehensive audit trail of activities across an AWS account. By capturing information such as the identity of the caller, the time of the call, and the parameters used, CloudTrail aids in security analysis, resource change tracking, and compliance management by providing a detailed history of account activity and resource modifications.

AWS Audit Manager: This compliance management service automates the process of assessing and managing the compliance of AWS resources against industry standards and regulations. It enables users to streamline audit preparations, conduct risk assessments, and generate comprehensive reports, helping an organization maintain a secure and compliant environment by providing a centralized tool for tracking and managing compliance controls. Figure 8-3 shows AWS Audit Manager in the AWS Management Console.

Figure 8-3 The AWS Audit Manager

AWS Config: This service allows you to assess, audit, and evaluate the configurations of your AWS resources over time. By providing a detailed inventory of resource configurations and recording configuration changes, AWS Config enables you to maintain compliance, troubleshoot issues, and gain insights into resource relationships and dependencies in your AWS environment.

For more information regarding AWS and security compliance, you can visit the AWS Compliance page at https://aws.amazon.com/compliance, which provides links to a wealth of valuable resources.

Exam Preparation Tasks

As mentioned in the section “How to Use This Book” in the Introduction, you have a few choices for exam preparation: the exercises here, Chapter 22, “Final Preparation,” and the exam simulation questions in the Pearson Test Prep Software Online.

Review All Key Topics

Review the most important topics in this chapter, noted with the Key Topics icon in the outer margin of the page. Table 8-2 lists these key topics and the page number on which each is found.

Table 8-2 Key Topics for Chapter 8

  Key Topic ElementDescriptionPage Number
ListSecurity features in AWS106
ListSecurity services in AWS106
OverviewPenetration testing109
   

Post navigation

← Dynamic Addressing with DHCP
DHCP Servers – 100-150 Exam Guide →

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • 100-150 Study Course
  • AWS Study Course
  • AZ-104 Study Course
  • Certified Advanced Salesforce Admin
  • Cisco Study Course
  • CLF-C02 Study Course
  • Google
  • Google Associate Cloud Engineer
  • Microsoft Study Course
  • Salesforce
  • Study Course
© 2024 Zeusexam, Inc. All rights reserved. | Privacy Statement | Terms of Use | Use of Cookies | Trust | Accessibility | Cookie Preferences | Your Privacy Choices