AWS manages dozens of compliance programs in its infrastructure.

  • DoD 5220.22-M or NIST 800-88 techniques are used to destroy data during the decommissioning process
  • All decommissioned magnetic storage devices are degaussed and physically destroyed
  • AWS corporate network is completely segregated from the AWS production network
  • AWS provides protection against DDoS, man-in-the-middle attacks, IP spoofing, port scanning and packet sniffing by other tenants
  • Different instances run on the same physical hardware and are isolated from each other via the Xen hypervisor
  • No instance has access to any other instance other than what is intended
  • Instance traffic to other instances is treated the same as public internet traffic
  • Customer instances have no access to raw disk devices, but are presented instead with virtual disks
  • AWS disk virtualization resets each block of storage used by customers so that one customer's data is never exposed to another
  • Memory allocated to guests is scrubbed or set to 0 by the hypervisor when unallocated from a guest
  • Unallocated memory is NEVER returned to the pool of free memory until memory scrubbing is done
  • Firewalls sit in the hypervisor layer, between the physical network interface and the instances' virtual interfaces
  • All network packets must pass through the firewall layer
  • AWS provides their annual certifications and compliance reports

AWS provides alignment with security best practices and a variety of IT security standards, including:

  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
  • SOC 2
  • SOC 3
  • FISMA, DIACAP, and FedRAMP
  • DOD CSM Levels 1-5
  • PCI DSS Level 1
  • ISO 9001 / ISO 27001
  • ITAR
  • FIPS 140-2
  • MTCS Level 3

Also, industry-specific standards, including:

  • Criminal Justice Information Services (CJIS)
  • Cloud Security Alliance (CSA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Motion Picture Association of America (MPAA)
