Standardized Architecture for NIST High-Impact Controls on AWS
Quick Start Reference Deployment Guide

Standardized Architecture for NIST High-Impact Controls on the AWS Cloud Featuring Trend Micro Deep Security: Quick Start Reference Deployment

Deployment Guide

AWS Enterprise Accelerator – Compliance Offering

AWS Envision Engineering, AWS Professional Services, and AWS Quick Start Reference Team

Trend Micro AWS Cloud Architecture Team

June 2016

This Quick Start reference deployment guide discusses architectural considerations and steps for deploying security-focused baseline environments on the Amazon Web Services (AWS) cloud. Specifically, this Quick Start deploys a standardized environment that helps organizations meet the National Institute of Standards and Technology (NIST) SP 800-53 high-impact security control baseline and supports various assessment and authorization frameworks that include the requirements from the high-impact baseline:

  • NIST SP 800-53 (Revision 4) high-impact security control baseline for workloads that are categorized as high-impact information systems (per NIST FIPS Publication 199 guidance)

  • The Committee on National Security Systems (CNSS) Instruction 1253

  • Federal Risk and Authorization Management Program (FedRAMP)

  • The DoD Cloud Computing Security Requirements Guide (SRG)

  • NIST SP 800-171

  • The OMB Trusted Internet Connection (TIC) Initiative – FedRAMP Overlay (pilot)

The Quick Start includes Deep Security, which is a host-based security product from Trend Micro. This Quick Start deployment guide was created by AWS in partnership with Trend Micro.

The deployment guide includes links for viewing and launching AWS CloudFormation templates developed by AWS and Trend Micro that automate the deployment.

This Quick Start is part of a set of AWS Enterprise Accelerator – Compliance offerings, which provide security-focused, standardized architecture solutions to help Managed Service Providers (MSPs), cloud provisioning teams, developers, integrators, and information security teams adhere to strict security, compliance, and risk management controls.

The following links are for your convenience. The launch button runs the main Quick Start template, which sets up a multi-tier, Linux-based web application using nested templates. For descriptions of the templates included in this Quick Start and information about using the nested templates separately, see the Templates Used in This Quick Start section of this guide.

  • If you have an AWS account that already meets the technical requirements for the NIST deployment, you can launch the Quick Start to build the architecture shown in Figure 2. The template is launched in the US East (N. Virginia) Region by default. If you have an AWS GovCloud (US) account, you can launch the template in the AWS GovCloud (US) Region.

    The deployment takes approximately one hour. If you’re new to AWS or to NIST-compliant architectures on AWS, please read the overview and follow the detailed pre-deployment and deployment steps described in this guide.

    

  • If you want to take a look under the covers, you can view the main template used in this deployment. The main template includes references to child templates and provides default settings that you can customize by following the instructions in this guide. For descriptions of the templates and guidance for using the nested templates separately, see the Templates Used in This Quick Start section of this guide.

    

  • You can also view the security controls matrix (Microsoft Excel spreadsheet), which maps the architecture decisions, components, and configuration in this Quick Start to security requirements within NIST, TIC, and DoD Cloud SRG publications. The excerpt in Figure 1 provides a sample of the available information.

    

    Figure 1: Excerpt from the security controls matrix

We'd like your feedback

After you deploy this Quick Start, please take a few minutes to fill out our survey. Your response is anonymous and will help us improve this and other AWS Enterprise Accelerator – Compliance reference deployments.

About Quick Starts

Quick Starts are automated reference deployments for key workloads on the AWS cloud. Each Quick Start launches, configures, and runs the AWS compute, network, storage, and other services required to deploy a specific workload on AWS, using AWS best practices for security and availability.
