Experienced auditors combined with AWS technical depth
Cybersecurity compliance solutions
Financial Services
Manage your financial data with AWS and receive support for compliance with industry standards
Leverage AWS consultants’ knowledge of frameworks, guidelines, and requirements such as FFIEC, NYDFS, GLBA, and PCI DSS to support your data protection and compliance efforts.
Bolster security and privacy, not just compliance
Support your security and privacy posture with AWS’s guidance while navigating cloud compliance tailored to financial regulations. Increase visibility into security governance and use audit playbooks as effective communication tools with regulators and external audit teams in the financial services sector.

Healthcare & Life Sciences
Healthcare data on AWS and compliance
Protect healthcare data and support your compliance objectives with AWS services. AWS advisors are knowledgeable about cloud-related requirements stemming from regulations and laws like HIPAA and GDPR, as well as standards and best practices such as HITRUST and GxP.
Advancing healthcare security and compliance with automated solutions
Strengthen healthcare-related security and privacy standards within the cloud by leveraging AWS tools and guidance.

Public Sector
Safeguard government systems and data with AWS compliance expertise
Partner with AWS compliance advisors to protect Public Sector infrastructure and data integrity on AWS, covering frameworks like CMMC, NIST, FedRAMP, FISMA, and CJIS.
Supporting Public Sector security and compliance initiatives
Enhance your security and compliance efforts within the Public Sector with AWS's tailored solutions. Streamline select compliance tasks aligned with public sector regulations, and increase transparency in security governance. Leverage custom audit resources for effective communication with regulators and external audit teams, aiding in the audit and reporting processes.

Preparing for your compliance audit with AWS support
In this interview with Jessie Skibbe, a privacy and security assurance leader at AWS, we’re diving into the odds and ends of security compliance. Watch this conversation to learn more about what it takes to pass an audit.

Industry regulations
View some of the supported regulations, laws, frameworks, and standards.
Financial Services
Basel III
BSA - Bank Secrecy Act
CFPB - Consumer Financial Protection Bureau regulations
CFTC - Commodity Futures Trading Commission regulations
Dodd-Frank Act - Dodd-Frank Wall Street Reform and Consumer Protection Act
DORA - Digital Operations Resilience Act
FCRA - Fair Credit Reporting Act
FFIEC - Federal Financial Institutions Examination Council guidelines
FINRA - Financial Industry Regulatory Authority rules
FISMA - Federal Information Security Management Act
GLBA - Gramm-Leach-Bliley Act
PCI DSS - Payment Card Industry Data Security Standard
SEC - Securities and Exchange Commission regulations, Securities Act of 1933, Securities Exchange Act of 1934
Customers are solely responsible for identifying, understanding, and managing all compliance requirements applicable to their business or industry. AWS provides tools, resources, and guidance designed to support compliance efforts. However, AWS does not determine, verify, or assume responsibility for compliance with any specific laws, regulations, or industry standards applicable to any customer's operations. It is the sole responsibility of each customer to ensure their own compliance with all relevant laws, regulations, and standards.

Healthcare
FISMA - Federal Information Security Management Act
GDPR - General Data Protection Regulation
HIPAA - Health Insurance Portability and Accountability Act
HITECH - Health Information Technology for Economic and Clinical Health Act
HITRUST CSF - Health Information Trust Alliance Common Security Framework
MDDS - Medical Device Data Systems regulations
MDSAP - Medical Device Single Audit Program
NIST - National Institute of Standards and Technology guidelines
OCR - Office for Civil Rights regulations
PHI - Protected Health Information
PTI - Prescription Tracking Initiative regulations
SAMHSA - Substance Abuse and Mental Health Services Administration guidelines
UDI - Unique Device Identification system
Veeva - Veeva Vault compliance standards

Public Sector
CJIS - Criminal Justice Information Services security policy
CUI - Controlled Unclassified Information regulations
DHS - Department of Homeland Security regulations
FISMA - Federal Information Security Management Act
FedRAMP - Federal Risk and Authorization Management Program
FIPS - Federal Information Processing Standards
FISSEA - Federal Information Systems Security Educators' Association guidelines
ITAR - International Traffic in Arms Regulations
NIST - National Institute of Standards and Technology guidelines
OMB - Office of Management and Budget directives
PDD - Presidential Decision Directive
RMF - Risk Management Framework
TSA - Transportation Security Administration regulations
USA PATRIOT Act - Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
VA - Department of Veterans Affairs regulations

Technology
CCPA - California Consumer Privacy Act
COPPA - Children's Online Privacy Protection Act
CPRA - California Privacy Rights Act
DMCA - Digital Millennium Copyright Act
ECPA - Electronic Communications Privacy Act
FISMA - Federal Information Security Management Act
GDPR - General Data Protection Regulation
HIPAA - Health Insurance Portability and Accountability Act
PCI DSS - Payment Card Industry Data Security Standard
SOC 2 - Service Organization Control 2
TCPA - Telephone Consumer Protection Act
TISAX - Trusted Information Security Assessment Exchange
TSCP - Trusted Software Control Program
EFTA - Electronic Fund Transfer Act
FERPA - Family Educational Rights and Privacy Act

Other
CIS Controls - Center for Internet Security Controls
COBIT - Control Objectives for Information and Related Technologies
CSA CCM - Cloud Security Alliance Cloud Controls Matrix
CSF - Cybersecurity Framework
CMMC - Cybersecurity Maturity Model Certification
ISO/IEC 27001 - International Organization for Standardization/International Electrotechnical Commission
NIST SP 800-53 - National Institute of Standards and Technology Special Publication 800-53
OWASP ASVS - Open Web Application Security Project Application Security Verification Standard
PCI DSS - Payment Card Industry Data Security Standard
PRISM - Profiles for Risk and Security Management
SOC 1 - Service Organization Control 1
SOC 2 - Service Organization Control 2
SOC 3 - Service Organization Control 3
SSAE 18 - Statement on Standards for Attestation Engagements No. 18
Zero Trust Architecture

Customer success stories
Browse customer testimonials to help you discover how AWS can help you in your compliance journey.
Booking.com
“Excellent support from the AWS Proserve team in reviewing, documenting our PCI compliance status and drafting recommendations to automate and migrate PCI workloads.”
Harold Tobin, IT Risk and Control Officer for Booking.com

Air Canada
“Air Canada worked with AWS Professional Services and AWS Security Assurance Services team on three strategic projects. The teams demonstrated self-sufficiency in being able to understand the high-level goals while taking ownership and driving the project forward with spectacular results in a short time. We are impressed with the team’s intellect, ability to solution, prototype, and execute.”
Suresh Subasinghe, Director of Digital Platform Architecture, Air Canada

Teads
“AWS’ approach to helping us understand compliance requirements and prepare for our SOC2 assessment is the best I experienced in terms of deliverables' quality, support provided, and expertise.”
Oussama Benzaouia, Chief Information Security Officer, Teads Technology

MasterControl
“Securing FedRAMP authorization is no small effort. We needed a partner that had deep expertise in FedRAMP compliance and could educate our team on AWS architecture and best practices. AWS Professional Services delivered on this ask and exceeded our expectations.”
Matt Lowe, Chief Strategy Officer

Entersekt
“Through the expertise of AWS SAS and ProServe consultants, we attained PCI DSS and 3DS compliance, broadened our presence to the USA, and established a fortified PCI infrastructure. Their insightful guidance instilled confidence, ensuring smooth compliance oversight. Thanks to AWS SAS's knowledgeable and seasoned consultants, what appeared daunting and unattainable due to our accelerated product release date and tight timeline, transformed into success. Their proficiency ensured our product met PCI standards, priming it for a successful launch in the US market via AWS.”
Richard Bailey, EVP Engineering, Entersekt

Related resources for Security Assurance Services
Connect with an expert
Leverage AWS consultants to enhance your security and compliance efforts. Assess your environment, explore automation options, and streamline processes with our guidance. Contact us today to get started!
