Amazon Web Services
AWS is a subsidiary of Amazon that provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. In aggregate, these cloud computing web services provide a set of primitive abstract technical infrastructure and distributed computing building blocks and tools.
Location(s)
AWS has 31 zone(s) in 22 countries:
- Europe
- North America
- South America
- Central America
- Asia
- Africa
- Russia
- Pacific
Elastic Compute Cloud
Secure and resizable compute capacity in the cloud
896 CPU
35.2 TB of RAM
16 GPU
Instance types
Lightsail
Virtual servers, storage, databases, and networking for a low, predictable price.
16 CPU
68.7 GB of RAM
Instance types
Simple Storage Service
Object storage built to store and retrieve any amount of data from anywhere
Glacier
Long-term, secure, durable object storage for data archiving
Workspace
BSI C5 Type 1
Specifies minimum requirements for secure cloud computing and is primarily intended for professional cloud providers, their auditors and customers.
BSI C5 Type 2
Specifies minimum requirements for secure cloud computing and is primarily intended for professional cloud providers, their auditors and customers.
CCCS
Comprehensive evaluation and analysis of cyber threats and vulnerabilities in Canada's digital landscape.
CJIS Security Policy
Guidelines and standards established by the FBI to ensure the security and protection of criminal justice information systems.
CMMC
Designed to protect sensitive unclassified information that is shared by the DoD with its contractors and subcontractors.
CPSTIC
Standards and guidelines for information security in public administrations and organizations within Spain.
DCCS
Security model by which DoD will leverage cloud computing along with the security controls and requirements necessary for using cloud-based solutions.
DESC Security Standard
Requirements and guidance for CSPs and those organizations using any cloud services
DFARS
Cybersecurity requirements for contractors handling controlled unclassified information within the US DoD supply chain.
ENS
Set of security standards and requirements established by the Spanish government to ensure the protection of information and assets.
FedRAMP
Cost-effective, risk-based approach for the adoption and use of cloud services by the federal government.
FERPA
Federal law that affords parents the right to have access to their children’s education records
FIPS
US and Canadian government standard that specifies the security requirements for cryptographic modules.
FISC guidelines
Set of security standards and best practices to enhance the security of their information systems.
FISMA
Framework of guidelines and security standards to protect government information and operations.
HDS
Strengthen the protection of personal health data and build an environment of trust around eHealth and patient monitoring.
HIPAA
Federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
HITRUST
Set of security and privacy controls and standards designed to safeguard healthcare information and manage risk within the healthcare industry.
IAR
Provide management and technical information security controls for entities to establish, implement, maintain, and continuously improve information assurance.
ISO 27001:2022
Code of practice for information security controls based on ISO/IEC 27002 for cloud services
ISO 27015:2017
Code of practice for information security controls based on ISO/IEC 27002 for cloud services
ISO 27018:2019
Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
ITAR
Regulations to prevent the unauthorized export of defense and military-related technology and data, ensuring compliance with U.S. export control laws.
K-ISMS
Certification program in South Korea for organizations to ensure robust information security practices.
MPA
Protect intellectual property, prevent piracy, and secure sensitive content throughout the production, distribution, and exhibition processes.
NHS DSPT
Self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s security standards
NIST 800-53
Catalog of security and privacy controls for all U.S. federal information systems except those related to national security.
OSPAR
Evaluates the security and compliance practices of external service providers, ensuring they meet required standards and regulations for handling sensitive data and services.
PASF
Specific security standards and protocols to safeguard sensitive information, evidence and assets.
PCI-DSS
Information security standard for organizations that handle branded credit cards from the major card schemes
Pinakes
Rating framework intended to manage and monitor the cybersecurity controls of service providers that Spanish financial entities.
PIPEDA
Governs how private sector organizations collect, use, and disclose personal information in the course of commercial activities
PiTuKri
Evaluates the effectiveness of controls and processes according to international assurance standards.
SEC Rules 17a-4 18a-6
Mandate specific recordkeeping and retention requirements for broker-dealers and investment advisers