AWS Security Blog The latest AWS security, identity, and compliance launches, announcements, and how-to posts.
- AWS completes the CCCS PBHVA assessment with 149 services and features in scope by Naranjan Goklani on December 19, 2024 at 7:58 pm
We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce the successful completion of our first ever Protected B High Value Assets (PBHVA) assessment with 149 assessed services and features. Completion of this assessment effective October 4, 2024, makes AWS the first cloud service provider
- 2024 ISO and CSA STAR certificates now available with two additional services by Atulsing Patil on December 19, 2024 at 7:52 pm
Amazon Web Services (AWS) successfully completed a surveillance audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, and 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. EY CertifyPoint auditors conducted the audit and reissued the certificates on November 29, 2024. The objective of the audit was to assess
- Updated PCI DSS and PCI PIN compliance packages now available by Nivetha Chandran on December 19, 2024 at 5:22 pm
Amazon Web Services (AWS) is pleased to announce enhancements to our Payment Card Industry (PCI) compliance portfolio, further empowering AWS customers to build and manage secure, compliant payment environments with greater ease and flexibility. PCI Data Security Standard (DSS): Our latest AWS PCI DSS v4 Attestation of Compliance (AOC) is now available and includes six
- Fall 2024 SOC 1, 2, and 3 reports now available with 183 services in scope by Paul Hong on December 19, 2024 at 5:15 pm
We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that the Fall 2024 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 183 services over the 12-month period from October 1, 2023 to September 30, 2024, so
- AWS named Leader in the 2024 ISG Provider Lens report for Sovereign Cloud Infrastructure Services (EU) by Marta Taggart on December 18, 2024 at 8:49 pm
For the second year in a row, Amazon Web Services (AWS) is named as a Leader in the Information Services Group (ISG) Provider Lens Quadrant report for Sovereign Cloud Infrastructure Services (EU), published on December 18, 2024. ISG is a leading global technology research, analyst, and advisory firm that serves as a trusted business partner
- Enforce resource configuration to control access to new features with AWS by Yossi Cohen on December 16, 2024 at 8:18 pm
Establishing and maintaining an effective security and governance posture has never been more important for enterprises. This post explains how you, as a security administrator, can use Amazon Web Services (AWS) to enforce resource configurations in a manner that is designed to be secure, scalable, and primarily focused on feature gating. In this context, feature
- AWS KMS: How many keys do I need? by Ishva Kanani on December 16, 2024 at 7:47 pm
As organizations continue their cloud journeys, effective data security in the cloud is a top priority. Whether it’s protecting customer information, intellectual property, or compliance-mandated data, encryption serves as a fundamental security control. This is where AWS Key Management Service (AWS KMS) steps in, offering a robust foundation for encryption key management on AWS. One
- Generative AI adoption and compliance: Simplifying the path forward with AWS Audit Manager by Kurt Kumar on December 13, 2024 at 5:43 pm
As organizations increasingly use generative AI to streamline processes, enhance efficiency, and gain a competitive edge in today’s fast-paced business environment, they seek mechanisms for measuring and monitoring their use of AI services. To help you navigate the process of adopting generative AI technologies and proactively measure your generative AI implementation, AWS developed the AWS
- Introducing the AWS Network Firewall CloudWatch Dashboard by Ajinkya Patil on December 12, 2024 at 7:04 pm
Amazon CloudWatch dashboards are customizable pages in the CloudWatch console that you can use to monitor your resources in a single view. This post focuses on deploying a CloudWatch dashboard that you can use to create a customizable monitoring solution for your AWS Network Firewall firewall. It’s designed to provide deeper insights into your firewall’s
- Securing the future: building a culture of security by Carter Spriggs on December 11, 2024 at 9:42 pm
According to a 2024 Verizon report, nearly 70% of data breaches occurred because a person was manipulated by social engineering or made some type of error. This highlights the importance of human-layer defenses in an organization’s security strategy. In addition to technology, tools, and processes, security requires awareness and action from everyone in an organization
- Introducing an enhanced version of the AWS Secrets Manager transform: AWS::SecretsManager-2024-09-16 by Sanjay Varma Datla on December 10, 2024 at 6:26 pm
We’re pleased to announce an enhanced version of the AWS Secrets Manager transform: AWS::SecretsManager-2024-09-16. This update is designed to simplify infrastructure management by reducing the need for manual security updates, bug fixes, and runtime upgrades. AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles. Some AWS services
- AWS-LC FIPS 3.0: First cryptographic library to include ML-KEM in FIPS 140-3 validation by Jake Massimo on December 10, 2024 at 4:28 pm
We’re excited to announce that AWS-LC FIPS 3.0 has been added to the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) modules in process list. This latest validation of AWS-LC introduces support for Module Lattice-Based Key Encapsulation Mechanisms (ML-KEM), the new FIPS standardized post-quantum cryptographic algorithm. This is a significant step towards enhancing the
- AWS Network Firewall Geographic IP Filtering launch by Prasanjit Tiwari on December 6, 2024 at 9:21 pm
AWS Network Firewall is a managed service that provides a convenient way to deploy essential network protections for your virtual private clouds (VPCs). In this blog post, we discuss Geographic IP Filtering, a new feature of Network Firewall that you can use to filter traffic based on geographic location and meet compliance requirements. Customers with
- AWS post-quantum cryptography migration plan by Matthew Campagna on December 5, 2024 at 5:32 pm
Amazon Web Services (AWS) is migrating to post-quantum cryptography (PQC). Like other security and compliance features in AWS, we will deliver PQC as part of our shared responsibility model. This means that some PQC features will be transparently enabled for all customers while others will be options that customers can choose to implement to help meet their
- Preparing for take-off: Regulatory perspectives on generative AI adoption within Australian financial services by Julian Busic on December 3, 2024 at 3:23 pm
The Australian financial services regulator, the Australian Prudential Regulation Authority (APRA), has provided its most substantial guidance on generative AI to date in Member Therese McCarthy Hockey’s remarks to the AFIA Risk Summit 2024. The guidance gives a green light for banks, insurance companies, and superannuation funds to accelerate their adoption of this transformative technology,
- Exploring the benefits of artificial intelligence while maintaining digital sovereignty by Max Peterson on November 29, 2024 at 5:03 pm
Around the world, organizations are evaluating and embracing artificial intelligence (AI) and machine learning (ML) to drive innovation and efficiency. From accelerating research and enhancing customer experiences to optimizing business processes, improving patient outcomes, and enriching public services, the transformative potential of AI is being realized across sectors. Although using emerging technologies helps drive positive
- Federated access to Amazon Athena using AWS IAM Identity Center by Ajay Rawat on November 27, 2024 at 9:14 pm
Managing Amazon Athena through identity federation allows you to manage authentication and authorization procedures centrally. Athena is a serverless, interactive analytics service that provides a simplified and flexible way to analyze petabytes of data. In this blog post, we show you how you can use the Athena JDBC driver (which includes a browser Security Assertion
- Secure root user access for member accounts in AWS Organizations by Jonathan VanKim on November 22, 2024 at 2:17 pm
AWS Identity and Access Management (IAM) now supports centralized management of root access for member accounts in AWS Organizations. With this capability, you can remove unnecessary root user credentials for your member accounts and automate some routine tasks that previously required root user credentials, such as restoring access to Amazon Simple Storage Service (Amazon S3)
- Securing the RAG ingestion pipeline: Filtering mechanisms by Laura Verghote on November 19, 2024 at 9:51 pm
Retrieval-Augmented Generative (RAG) applications enhance the responses retrieved from large language models (LLMs) by integrating external data such as downloaded files, web scrapings, and user-contributed data pools. This integration improves the models’ performance by adding relevant context to the prompt. While RAG applications are a powerful way to dynamically add additional context to an LLM’s prompt
- Important changes to CloudTrail events for AWS IAM Identity Center by Arthur Mnev on November 19, 2024 at 6:20 pm
AWS IAM Identity Center is streamlining its AWS CloudTrail events by including only essential fields that are necessary for workflows like audit and incident response. This change simplifies user identification in CloudTrail, addressing customer feedback. It also enhances correlation between IAM Identity Center users and external directory services, such as Okta Universal Directory or Microsoft