Amazon Web Services

AWS is a subsidiary of Amazon that provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. In aggregate, these cloud computing web services provide a set of primitive abstract technical infrastructure and distributed computing building blocks and tools.

Amazon Web Services's logo


Location(s)

AWS has 31 zones(s) in 22 countries:

  • Europe
  • North America
  • South America
  • Central America
  • Asia
  • Africa
  • Russia
  • Pacific

Elastic Compute Cloud

Secure and resizable compute capacity in the cloud

448 CPU

26.4 TB of RAM

16 GPU

Instance types

Lightsail

Virtual servers, storage, databases, and networking for a low, predictable price.

8 CPU

34.4 GB of RAM

Instance types

Simple Storage Service

Object storage built to store and retrieve any amount of data from anywhere

Glacier

Long-term, secure, durable object storage for data archiving

Workspace

BSI C5 Type 1

BSI C5 Type 1

Specifies minimum requirements for secure cloud computing and is primarily intended for professional cloud providers, their auditors and customers.

BSI C5 Type 2

BSI C5 Type 2

Specifies minimum requirements for secure cloud computing and is primarily intended for professional cloud providers, their auditors and customers.

CCCS

CCCS

Comprehensive evaluation and analysis of cyber threats and vulnerabilities in Canada's digital landscape.

CISPE

CISPE

CJIS Security Policy

CJIS Security Policy

Guidelines and standards established by the FBI to ensure the security and protection of criminal justice information systems.

CMMC

CMMC

Designed to protect sensitive unclassified information that is shared by the DoD with its contractors and subcontractors.

CPSTIC

CPSTIC

Sandards and guidelines for information security in public administrations and organizations within Spain.

CSA Star

CSA Star

The industry's most powerful program for security assurance in the cloud.

CyberVadis

CyberVadis

Third-party risk and cybersecurity risk management

DCCS

DCCS

Security model by which DoD will leverage cloud computing along with the security controls and requirements necessary for using cloud-based solutions.

DESC Security Standard

DESC Security Standard

Requirements and guidance for CSPs and those organizations using any cloud services

DFARS

DFARS

Cybersecurity requirements for contractors handling controlled unclassified information within the US DoD supply chain.

ENS

ENS

Set of security standards and requirements established by the Spanish government to ensure the protection of information and assets.

FedRAMP

FedRAMP

Cost-effective, risk-based approach for the adoption and use of cloud services by the federal government.

FERPA

FERPA

Federal law that affords parents the right to have access to their children’s education records

finma

finma

Protect financial market clients and ensure the proper functioning of the financial centrer

FIPS

FIPS

US and Canadian government standard that specifies the security requirements for cryptographic modules.

FISC guidelines

FISC guidelines

Set of security standards and best practice to enhance the security of their information systems.

FISMA

FISMA

Framework of guidelines and security standards to protect government information and operations.

G-Cloud

G-Cloud

UK government program to promote government-wide adoption of cloud computing.

GNS

GNS

Protecting classified data processing and transmission.

GSMA

GSMA

Security Assurance and Certification

GxP

GxP

Ensure a product is safe and meets its intended use.

HDS

HDS

Strengthen the protection of personal health data and build an environment of trust around eHealth and patient monitoring.

HIPAA

HIPAA

Federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

HITRUST

HITRUST

Set of security and privacy controls and standards designed to safeguard healthcare information and manage risk within the healthcare industry.

IAR

IAR

Provide management and technical information security controls for entities to establish, implement, maintain, and continuously improve information assurance.

ISO 20000:2018

ISO 20000:2018

Service management - Part 1: Service management system requirements

ISO 22301:2019

ISO 22301:2019

Security and resilience — Business continuity management systems — Requirements

ISO 27001:2022

ISO 27001:2022

Code of practice for information security controls based on ISO/IEC 27002 for cloud services

ISO 27015:2017

ISO 27015:2017

Code of practice for information security controls based on ISO/IEC 27002 for cloud services

ISO 27018:2019

ISO 27018:2019

Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO 27701:2019

ISO 27701:2019

Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management

ISO 9001:2015

ISO 9001:2015

Quality management systems — Requirements

ITAR

ITAR

Regulations to prevent the unauthorized export of defense and military-related technology and data, ensuring compliance with U.S. export control laws.

K-ISMS

K-ISMS

Certification program in South Korea for organizations to ensure robust information security practices.

MPA

MPA

Protect intellectual property, prevent piracy, and secure sensitive content throughout the production, distribution, and exhibition processes.

NHS DSPT

NHS DSPT

Self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s security standards

NIST 800-53

NIST 800-53

Catalog of security and privacy controls for all U.S. federal information systems except those related to national security.

orap

orap

None

OSPAR

OSPAR

Evaluates the security and compliance practices of external service providers, ensuring they meet required standards and regulations for handling sensitive data and services.

PASF

PASF

Specific security standards and protocols to safeguard sensitive information, evidence and assets.

PCI-DSS

PCI-DSS

Information security standard for organizations that handle branded credit cards from the major card schemes

Pinakes

Pinakes

Rating framework intended to manage and monitor the cybersecurity controls of service providers that Spanish financial entities.

PIPEDA

PIPEDA

Governs how private sector organizations collect, use, and disclose personal information in the course of commercial activities

PiTuKri

PiTuKri

Evaluates the effectiveness of controls and processes according to international assurance standards.

ProcessUnity

ProcessUnity

Third-party risk and cybersecurity risk management

SEC Rules 17a-4 18a-6

SEC Rules 17a-4 18a-6

Mandate specific recordkeeping and retention requirements for broker-dealers and investment advisers

SNI 27001

SNI 27001

Indonesian national standard based on the ISO/IEC 27001 framework, outlining requirements for establishing, implementing, maintaining, and continually improving an information security management system

SOC 1 Type II

SOC 1 Type II

Internal Control over Financial Reporting

SOC 2 Type II

SOC 2 Type II

Trust Services Criteria

SOC 3

SOC 3

Trust Services Criteria for General Use Report

TISAX

TISAX

Secure processing of information from business partners, the protection of prototypes and data protection in accordance with the GDPR for transactions between automobile manufacturers, service providers or suppliers


Platform as a Service