Customer Compliance Guides now available on AWS Artifact

Amazon Web Services (AWS) has released Customer Compliance Guides (CCGs) to support customers, partners, and auditors in their understanding of how compliance requirements from leading frameworks map to AWS service security recommendations. CCGs cover 100+ services and features offering security guidance mapped to 10 different compliance frameworks. Customers can select any of the available frameworks and services to see a consolidated summary of recommendations that are mapped to security control requirements.

 <p>CCGs summarize key details from <a href="https://docs.aws.amazon.com/security/" target="_blank" rel="noopener">public AWS user guides</a> and map them to related security topics and control requirements. CCGs don’t cover compliance topics such as physical and maintenance controls, or organization-specific requirements such as policies and human resources controls. This makes the guides lightweight and focused only on the unique security considerations for AWS services.</p> <p>Customer Compliance Guides work backwards from security configuration recommendations for each service and map the guidance and compliance considerations to the following frameworks:</p> <table width="100%"> <tbody> <tr> <td width="50%"> <ul> <li>National Institute of Standards and Technology (NIST) 800-53</li> <li>NIST Cybersecurity Framework (CSF)</li> <li>NIST 800-171</li> <li>System and Organization Controls (SOC) II</li> <li>Center for Internet Security (CIS) Critical Controls v8.0</li> <li>ISO 27001</li> </ul> </td> <td width="50%"> <ul> <li>NERC Critical Infrastructure Protection (CIP)</li> <li>Payment Card Industry Data Security Standard (PCI-DSS) v4.0</li> <li>Department of Defense Cybersecurity Maturity Model Certification (CMMC)</li> <li>HIPAA</li> </ul> </td> </tr> </tbody> </table> <p>Customer Compliance Guides help customers address three primary challenges:</p> <ol> <li>Explaining how configuration responsibility might vary depending on the service and summarizing security best practice guidance through the lens of compliance</li> <li>Assisting customers in determining the scope of their security or compliance assessments based on the services they use to run their workloads</li> <li>Providing customers with guidance to craft security compliance documentation that might be required to meet various compliance frameworks</li> </ol> <p>CCGs are available for download in <a href="https://aws.amazon.com/artifact/" target="_blank" rel="noopener">AWS Artifact</a>. Artifact is your go-to, central resource for AWS compliance-related information. It provides on-demand access to security and compliance reports from AWS and independent software vendors (ISVs) who sell their products on <a href="https://aws.amazon.com/marketplace" target="_blank" rel="noopener">AWS Marketplace</a>. To access the new CCG resources, navigate to AWS Artifact from the console and search for <strong>Customer Compliance Guides</strong>. To learn more about the background of Customer Compliance Guides, see the YouTube video <a href="https://youtu.be/o13js0hIO_o" target="_blank" rel="noopener">Simplify the Shared Responsibility Model</a>.</p> <p> <br>If you have feedback about this post, submit comments in the<strong> Comments</strong> section below. If you have questions about this post, <a href="https://console.aws.amazon.com/support/home" target="_blank" rel="noopener noreferrer">contact AWS Support</a>.</p> <p><strong>Want more AWS Security news? Follow us on <a title="Twitter" href="https://twitter.com/AWSsecurityinfo" target="_blank" rel="noopener noreferrer">Twitter</a>.</strong></p> <!-- '"` -->