Introduction to AWS GoldBase

Similar documents
Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS

Security by Design Running Compliant workloads in AWS

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

10 Considerations for a Cloud Procurement. March 2017

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

COMPLIANCE IN THE CLOUD

Introduction to the Federal Risk and Authorization Management Program (FedRAMP)

Security & Compliance in the AWS Cloud. Amazon Web Services

Intermedia s Private Cloud Exchange

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Compliance and Security in a Cloud-First Era

SoftLayer Security and Compliance:

This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

Netflix OSS Spinnaker on the AWS Cloud

Accelerating the HCLS Industry Through Cloud Computing

FedRAMP: Understanding Agency and Cloud Provider Responsibilities

Compliance & Security in Azure. April 21, 2018

Swift Web Applications on the AWS Cloud

Streamlined FISMA Compliance For Hosted Information Systems

Telos and Amazon Web Services (AWS): Accelerating Secure and Compliant Cloud Deployments

Microsoft Azure Security, Privacy, & Compliance

Getting Started with AWS Security

HITRUST ON THE CLOUD. Navigating Healthcare Compliance

Twilio cloud communications SECURITY

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

HIPAA / HITECH Overview of Capabilities and Protected Health Information

TRACKVIA SECURITY OVERVIEW

Puppet on the AWS Cloud

Agency Guide for FedRAMP Authorizations

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

WHITE PAPER. Title. Managed Services for SAS Technology

SOC 3 for Security and Availability

Architecting for Greater Security in AWS

Secure Esri Solutions in the AWS Cloud. CJ Moses, AWS Deputy CISO

Automating Elasticity. March 2018

Accelerate Your Enterprise Private Cloud Initiative

Compliance with CloudCheckr

FedRAMP Digital Identity Requirements. Version 1.0

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Building a Modular and Scalable Virtual Network Architecture with Amazon VPC

Google Cloud & the General Data Protection Regulation (GDPR)

HIPAA Compliance and Auditing in the Public Cloud

Branding Guidance December 17,

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

Video on Demand on AWS

IT-CNP, Inc. Capability Statement

PROFESSIONAL SERVICES (Solution Brief)

AWS Landing Zone. AWS Developers Guide. June 2018

Layer Security White Paper

Virtual Machine Encryption Security & Compliance in the Cloud

Contemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance

Vendor Security Questionnaire

Standardized Architecture for NIST-based Assurance Frameworks in the AWS Cloud

AWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services

Morgan Independent Software Vendor Lead

NS2 Cloud Overview The Cloud Built for Federal Security and Export Controlled Environments. Hunter Downey, Cloud Solution Director

AWS Security. Stephen E. Schmidt, Directeur de la Sécurité

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

incontact Open Cloud Platform Scalable, Reliable, Extensible, Powering Contact Centers of all Sizes.

Akamai White Paper. FedRAMP SM Helps Government Agencies Jumpstart their Journey to the Cloud. FedRAMP. Federal Risk Authorization Management Program

Oracle Database Vault

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

The Value of ANSI Accreditation. Top 10 Advantages. of accredited third-party conformity assessment

COBIT 5 With COSO 2013

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Achieving third-party reporting proficiency with SOC 2+

ISACA Cincinnati Chapter March Meeting

TEL2813/IS2820 Security Management

Solutions Technology, Inc. (STI) Corporate Capability Brief

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH

SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

locuz.com SOC Services

Standardized Architecture for PCI DSS on the AWS Cloud

Security Management Models And Practices Feb 5, 2008

Enhancing Security With SQL Server How to balance the risks and rewards of using big data

FEDERALLY COMPLIANT HYBRID IT QTS GOVERNMENT SOLUTIONS

AWS Service Catalog. User Guide

CYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA

Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)

Cisco CloudCenter Solution Use Case: Application Migration and Management

IBM Advantage: IBM Watson Compare and Comply Element Classification

Vol. 1 Technical RFP No. QTA0015THA

Security Secure Information Sharing

Governance for the Public Sector Cloud

Control-M and Payment Card Industry Data Security Standard (PCI DSS)

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

PCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Standardized Architecture for NIST High-Impact Controls on the AWS Cloud Featuring Trend Micro Deep Security

FedRAMP JAB P-ATO Process TIMELINESS AND ACCURACY OF TESTING REQUIREMENTS. VERSION 1.0 October 20, 2016

Secret Server HP ArcSight Integration Guide

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

EC2 Scheduler. AWS Implementation Guide. Lalit Grover. September Last updated: September 2017 (see revisions)

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1

CYBER SECURITY WHITEPAPER

In today s business environment, data creates value so it s more important than ever to protect it as a vital business asset

Top Reasons To Audit An IAM Program. Bryan Cook Focal Point Data Risk

Transcription:

Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015

2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents AWS s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS s products or services, each of which is provided as is without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers. Page 2 of 10

Contents Abstract 3 Architecting for Compliance in AWS 4 Compliance in the Cloud 4 Compliance Standards 4 AWS GoldBase 6 AWS GoldBase Solution 6 Benefits 6 Security Controls Responsibility Matrix (CRM) 6 User Guide with Deployment Instructions 8 AWS GoldBase Delivery 9 Conclusion 9 Further Reading 10 Abstract The AWS GoldBase solution is designed to enable customers create secure and compliant workloads in AWS, as well as reduce the complexity of maintaining secure baselines at scale as customer environments transform over time. This solution provides many benefits, including the ability to securely deploy recommended, reliable, and secure resources in AWS. AWS GoldBase is an automated reference architecture, following security-leading practices and supporting multiple customer compliance requirements (e.g. FISMA, PCI, CJIS, FFIEC, HIPAA, etc.). This solution allows for a repeatable process that you can use to ensure compliant configuration of AWS resources in the cloud, while reducing the time needed to approve applications for production use. Page 3 of 10

Architecting for Compliance in AWS Compliance in the Cloud Compliance is a broad term used within technology and business. The simplest definition of comply is to meet specified standards. Ensuring compliance in the cloud includes adhering to the following standards: Third-party Security Frameworks Established policies within the customer organization Security-leading practices across industry verticals AWS GoldBase provides you with validated, automated and recommended reference architecture, which has been validated against specific security and compliance requirements in mind (examples of which are listed in the next section). Within the context of deploying applications on AWS, AWS GoldBase incorporates advanced, leading practices for ensuring integrity, availability, confidentiality, and security at scale through predictable, repeatable and verifiable security configurations. Compliance Standards The AWS Shared Responsibility model outlines the responsibilities for security and compliance in customer environments. When deploying systems in the AWS Cloud, AWS shares security responsibilities with you. AWS manages the underlying infrastructure, and you are responsible for securing anything you deploy in AWS. AWS is highly accredited, which means that an auditor has verified that specific security controls are in place and operating as intended. To help you meet specific government, industry, and company security standards and regulations, AWS provides certification reports that describe how the AWS Cloud infrastructure meets the requirements of an extensive list of global security standards, including: ISO 27001, SOC, the PCI Data Security Standard, FedRAMP, the Australian Signals Directorate (ASD) Information Security Manual, and the Singapore Multi-Tier Cloud Security Standard (MTCS SS 584). Examples of security standards which AWS GoldBase can support: FedRAMP (SM) - AWS has achieved two Agency Authority to Operate (ATOs) under the Federal Risk and Authorization Management Program Page 4 of 10

(Official: FedRAMP) at the Moderate impact level. All U.S. government agencies can leverage the AWS Agency ATO packages stored in the FedRAMP repository to evaluate AWS for their applications and workloads, provide authorizations to use AWS, and transition workloads into the AWS environment. The Department of Defense (DoD) Cloud Security Model (CSM) - Provides a formalized assessment and authorization process for cloud service providers (CSPs) to gain a DoD Provisional Authorization, which can subsequently be leveraged by DoD customers. HIPAA - AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the AWS environment to process, maintain, and store protected health information. Additionally, AWS, as of July 2013, is able to sign business associate agreements (BAA) with such customers. ISO 27001 - AWS is ISO 27001 certified (published certificate) under the International Organization for Standardization (ISO) 27001 standard. ISO 27001 is a widely adopted global security standard that outlines the requirements for information security management systems. CJIS Security Policy AWS s cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available for storing criminal justice information. Our architecture provides an extremely scalable, highly-reliable platform enabling customers to deploy applications to include Criminal Justice Information Services (CJIS) workloads according to the CJIS Security Policy. PCI DSS - AWS is Level 1 compliant under the Payment Card Industry (PCI) Data Security Standard (DSS). Customers can run applications on our PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud. EU Data Protection Directive - The Article 29 Working Party has approved the AWS Data Processing Agreement, which includes the Model Clauses. The Article 29 Working Party has found that the AWS Data Processing Agreement meets the requirements of the Directive with respect to Model Clauses. Page 5 of 10

AWS GoldBase AWS GoldBase is a solution to enable customers to streamline, automate, and implement secure baselines in AWS, from initial design to operational secure readiness. AWS GoldBase incorporates the expertise of AWS solutions architects, as well as security and compliance personnel, to build a secure and reliable architecture in an easy-to-implement package through automation. AWS GoldBase Solution The AWS GoldBase solution includes the following items for customer use: Security Control Responsibility Matrix (CRM) Architecture diagrams AWS CloudFormation templates User Guides and deployment instructions Benefits Reduced cost and time for secure deployment Reliable security controls adherence Transparency, compliance and auditability Real time risk management (e.g. continuous monitoring) Constrained standardization for multiple security frameworks Security Controls Responsibility Matrix (CRM) The AWS GoldBase solution includes a security CRM, which maps features and resources to specific security controls requirements. Security, compliance and audit personnel can leverage these documents as a reference for making certification and accrediting of systems in AWS easier. The matrix outlines control implementation reference architecture and evidence examples, which meets the security control risk mitigation for the AWS customer environment. Page 6 of 10

Figure 1: NIST SP 800-53 rev. 4 control security control matrix Architectural Diagrams Architectural diagrams are included with the AWS GoldBase solution. These diagrams illustrate and document the design. They provide a visual reference that demonstrates the components deployed by the AWS CloudFormation templates. These diagrams accompany the description of security features implemented by the AWS GoldBase templates. Figure 2: Architectural diagrams for AWS GoldBase AWS CloudFormation Templates The AWS GoldBase offering includes AWS CloudFormation templates, which enable recommended automated deployments of a secure and compliant baseline architectures. The default AWS GoldBase solution consists of four JSON (JavaScript Object Notation) template files, which can be launched as stacks using the AWS CloudFormation service. What is an AWS CloudFormation Stack? When you use AWS CloudFormation, you manage related resources as a single unit called a stack. In other words, you create, update, and delete a collection of resources by creating, updating, and deleting stacks. All the resources in a stack are defined by the stack's AWS CloudFormation template. Page 7 of 10

To update resources, you first modify the stack templates and then update your stack by submitting the modified template. You can work with stacks by using the AWS CloudFormation console, API, or AWS CLI. Figure 3: AWS CloudFormation stacks This solution provides modularity capabilities, which enables you to deploy a subset of resources as needed. The design facilitates reusability of templates for multiple use cases. Additionally, for greater control and security, AWS CloudFormation templates can be imported into AWS Service Catalog as portfolios and/or products to enable centralized management of resources to support consistent governance, security and compliance requirements, while enabling users to quickly deploy only the approved IT services they need. User Guide with Deployment Instructions The AWS GoldBase solution includes a user guides, which provide step-by-step instructions on how to deploy services using the AWS CloudFormation templates, as well as instructions for creating AWS Service Catalogs products and portfolios and for enabling versioning to support automatic distribution to all users who have access to the product and portfolios. Additionally, AWS Service Catalog customers can apply AWS Identity and Access Management (IAM) permissions to control who can view and modify your products and portfolios as, well as apply constraints to restrict specific AWS resources. Page 8 of 10

AWS GoldBase Delivery AWS GoldBase packages can be customized to meet multiple regulated, security and compliance frameworks. To get started or to get more information on the AWS GoldBase solution email: aws-goldbase@amazon.com. Conclusion The AWS GoldBase solution was designed to create a recommended, secure baseline for customer environments across multiple security and compliance frameworks, standards and regulatory authorities. The result enables an automated, secure and auditable baseline. The benefits reduce costs, time, and effort to deploy secure and compliant capabilities in AWS using leading practices in security by design architecture. The AWS GoldBase solution is available for public sector, enterprise and other regulated customer workloads. It can be customized by customers directly or through our experienced architects, engineers, and IT transformation leads, who work alongside your staff and/or via trusted partners to focus on high-quality delivery and sustainable knowledge transfer. The AWS GoldBase solution is the evolution of a secure customer baseline of resources in AWS. It supports multiple leading security-practices and directly implements several customer compliance requirements (e.g. Access Control, Firewall rules, Audit & logging, etc.) which can relied upon, verified and reported on within a real-time risk management approach. Page 9 of 10

Further Reading GoldBase Implementation Guide: https://d0.awsstatic.com/whitepapers/compliance/goldbase_implementa tion_guide.pdf AWS Compliance Center: http://aws.amazon.com/compliance AWS Security By Design: http://aws.amazon.com/compliance/security-bydesign AWS Security Center: http://aws.amazon.com/security AWS Security Resources: http://aws.amazon.com/security/securityresources FedRAMP FAQ: http://aws.amazon.com/compliance/fedramp Risk and Compliance Whitepaper: http://d0.awsstatic.com/whitepapers/compliance/aws_risk_and_comp liance_whitepaper.pdf AWS Products Overview: http://aws.amazon.com/products/ AWS Sales and Business Development: http://aws.amazon.com/compliance/contact/ Government and Education on AWS: http://aws.amazon.com/government-education/ AWS Professional Services: http://aws.amazon.com/professional-services/ Page 10 of 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback