Compliance Validation for Amazon S3 Glacier - Amazon S3 Glacier

This page is only for existing customers of the S3 Glacier service using Vaults and the original REST API from 2012.

If you're looking for archival storage solutions we suggest using the S3 Glacier storage classes in Amazon S3, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. To learn more about these storage options, see S3 Glacier storage classes and Long-term data storage using S3 Glacier storage classes in the Amazon S3 User Guide. These storage classes use the Amazon S3 API, are available in all regions, and can be managed within the Amazon S3 console. They offer features like Storage Cost Analysis, Storage Lens, advanced optional encryption features, and more.

Compliance Validation for Amazon S3 Glacier

The security and compliance of Amazon S3 Glacier (S3 Glacier) is assessed by third-party auditors as part of multiple AWS compliance programs, including the following:

  • System and Organization Controls (SOC)

  • Payment Card Industry Data Security Standard (PCI DSS)

  • Federal Risk and Authorization Management Program (FedRAMP)

  • Health Insurance Portability and Accountability Act (HIPAA)

AWS provides a frequently updated list of AWS services in scope of specific compliance programs at AWS Services in Scope by Compliance Program.

Third-party audit reports are available for you to download using AWS Artifact. For more information, see Downloading Reports in AWS Artifact in the AWS Artifact User Guide.

For more information about AWS compliance programs, see AWS Compliance Programs.

Your compliance responsibility when using S3 Glacier is determined by the sensitivity of your data, your organization’s compliance objectives, and applicable laws and regulations. If your use of S3 Glacier is subject to compliance with standards like HIPAA, PCI, or FedRAMP, AWS provides resources to help:

  • S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy. You can specify controls such as “write once read many” (WORM) in a vault lock policy and lock the policy from future edits. After the policy is locked, it can no longer be changed. Vault lock policies can help you comply with regulatory frameworks such as SEC17a-4 and HIPAA.

  • Security and Compliance Quick Start Guides discuss architectural considerations and steps for deploying security- and compliance-focused baseline environments on AWS.

  • Architecting for HIPAA Security and Compliance outlines how companies use AWS to help them meet HIPAA requirements.

  • The AWS Well-Architected Tool (AWS WA Tool) is a service in the cloud that provides a consistent process for you to review and measure your architecture using AWS best practices. The AWS WA Tool provides recommendations for making your workloads more reliable, secure, efficient, and cost-effective.

  • AWS Compliance Resources provide several different workbooks and guides that might apply to your industry and location.

  • AWS Config can help you assess how well your resource configurations comply with internal practices, industry guidelines, and regulations.

  • AWS Security Hub provides you with a comprehensive view of your security state within AWS and helps you check your compliance with security industry standards and best practices.