Amazon complies with multiple compliance programs. A few of the important controls are listed below:

  • DoD 5220.22-M or NIST 800-88 techniques are used to destroy data during the decommissioning process
  • Magnetic storage devices that are no longer in use and are to be decommissioned are degaussed and then sent for physical destruction
  • AWS’s internal corporate network is separated from the production network that serves AWS’s customers
  • AWS provides protection against DDoS, man-in-the-middle attacks, IP spoofing, port scanning and packet sniffing by other tenants
  • Different instances running on the same physical hardware are isolated from each other via the Xen hypervisor
  • Instances running in AWS do not have access to other instances running on the same machine or in the same location
  • Instance access is limited to allocated resources only
  • Any traffic between instances is treated like traffic from the public internet
  • No instance can access bare-metal hardware such as disk devices; only access to virtual disks is provided
  • After one instance uses and deallocates storage on a disk drive, AWS resets every block of that storage so that no data can be retrieved by a subsequent customer’s instance
  • Memory allocated to guests is scrubbed (set to 0) by the hypervisor when it is unallocated from a guest
  • Unallocated memory is NEVER returned to the pool of free memory until memory scrubbing is done
  • Firewalls sit in the hypervisor layer, between the physical network interface and the instances’ virtual interfaces
  • All network packets must pass through the firewall layer
  • AWS lists all of their certifications and compliance reports on an annual basis
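The disk-block reset and memory-scrubbing items above describe the same defensive pattern: a resource released by one tenant is zeroed before it is marked free, so the next tenant to receive it cannot read residual data. The following C program is an added illustration of that ordering and is not AWS or Xen code; it uses a constructed toy pool of fixed-size blocks (hypothetical names such as pool_free_scrubbed and pool_free_unscrubbed are the example's own) and contrasts a scrub-then-free release path with a plain free that leaves the previous tenant's bytes in place.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy block pool standing in for a hypervisor's free-memory
 * (or disk-block) pool. Sizes are arbitrary illustration values. */
#define BLOCK_SIZE 64
#define NUM_BLOCKS 8

static uint8_t pool_storage[NUM_BLOCKS][BLOCK_SIZE];
static bool block_in_use[NUM_BLOCKS];
static unsigned scrub_count;

/* Reset the pool: every block free and zeroed, as on first boot. */
void pool_init(void)
{
    memset(pool_storage, 0, sizeof pool_storage);
    memset(block_in_use, 0, sizeof block_in_use);
    scrub_count = 0;
}

/* Hand out the lowest free block; -1 when the pool is exhausted. */
int pool_alloc(void)
{
    for (int i = 0; i < NUM_BLOCKS; i++) {
        if (!block_in_use[i]) {
            block_in_use[i] = true;
            return i;
        }
    }
    return -1;
}

uint8_t *pool_block(int idx)
{
    return (idx < 0 || idx >= NUM_BLOCKS) ? NULL : pool_storage[idx];
}

unsigned pool_scrub_count(void)
{
    return scrub_count;
}

/* Zero a block through a volatile pointer so the compiler cannot drop the
 * writes as dead stores to memory that is about to be released. */
static void scrub_block(uint8_t *p)
{
    volatile uint8_t *vp = p;
    for (size_t i = 0; i < BLOCK_SIZE; i++)
        vp[i] = 0;
}

/* Correct release path: the block is scrubbed first and only then marked
 * free, so it can never be re-allocated while still holding old contents. */
void pool_free_scrubbed(int idx)
{
    if (idx < 0 || idx >= NUM_BLOCKS || !block_in_use[idx])
        return;                     /* invalid index or double free: ignore */
    scrub_block(pool_storage[idx]);
    scrub_count++;
    block_in_use[idx] = false;      /* returned to the free pool last */
}

/* Weak release path, for contrast only: marks the block free without scrubbing. */
void pool_free_unscrubbed(int idx)
{
    if (idx < 0 || idx >= NUM_BLOCKS || !block_in_use[idx])
        return;
    block_in_use[idx] = false;
}

bool block_is_zero(int idx)
{
    for (size_t i = 0; i < BLOCK_SIZE; i++)
        if (pool_storage[idx][i] != 0)
            return false;
    return true;
}

/* Tenant A writes data and releases the block; tenant B then receives the
 * same block. Returns true when B observes only zeros (no residual data). */
static bool run_tenant_handover(void (*release)(int))
{
    static const char sample[] = "tenant-A data (constructed sample)";
    pool_init();
    int a = pool_alloc();
    memcpy(pool_block(a), sample, sizeof sample);
    release(a);
    int b = pool_alloc();               /* lowest free block: the same one */
    return b == a && block_is_zero(b);
}

bool handover_with_scrub_is_clean(void)    { return run_tenant_handover(pool_free_scrubbed); }
bool handover_without_scrub_is_clean(void) { return run_tenant_handover(pool_free_unscrubbed); }

int main(void)
{
    printf("scrub-on-free: next tenant sees zeros? %s\n",
           handover_with_scrub_is_clean() ? "yes" : "no");
    printf("plain free:    next tenant sees zeros? %s\n",
           handover_without_scrub_is_clean() ? "yes" : "no");
    return 0;
}
```

The ordering in pool_free_scrubbed is the whole point: scrub_count is incremented and block_in_use is cleared only after the zeroing loop completes, which is the small-scale equivalent of "unallocated memory is never returned to the free pool until scrubbing is done". The volatile write is the usual precaution against a compiler eliminating a memset on memory it believes is no longer read.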

AWS provides alignment with security best practices and a variety of IT security standards, including:

  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
  • SOC 2
  • SOC 3
  • FISMA, DIACAP, and FedRAMP
  • DOD CSM Levels 1-5
  • PCI DSS Level 1
  • ISO 9001 / ISO 27001
  • ITAR
  • FIPS 140-2
  • MTCS Level 3

AWS also aligns with industry-specific standards, including:

  • Criminal Justice Information Services (CJIS)
  • Cloud Security Alliance (CSA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Motion Picture Association of America (MPAA)