Amazon AppStream 2.0
Administration Guide

AppStream 2.0 Compliance

The following sections provide information about Amazon AppStream 2.0 compliance, certifications, and accreditations.

Health Insurance Portability and Accountability Act (HIPAA)

The AWS Health Insurance Portability and Accountability Act (HIPAA) compliance program includes Amazon AppStream 2.0 as a HIPAA Eligible Service. If you have an executed Business Associate Addendum (BAA) with AWS, you can use AppStream 2.0 to help build your HIPAA-compliant applications. For more information, see the following resources.

  • HIPAA Compliance — Provides general information and answers to frequently asked questions about HIPAA compliance on AWS.

  • Architecting for HIPAA Security and Compliance on Amazon Web Services — Provides information about how to use AWS to create HIPAA-compliant applications. The paper focuses on the HIPAA Privacy and Security Rules for protecting Protected Health Information (PHI), how to use AWS to encrypt data in transit and at rest, and how AWS features can be used to meet HIPAA requirements for auditing, backups, and disaster recovery.

Payment Card Industry Data Security Standard (PCI DSS)

AppStream 2.0 is PCI compliant and conforms to the PCI DSS. PCI DSS is a proprietary information security standard that is mandated by the card brands and administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. PCI DSS applies to all entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers. For more information, see PCI DSS Compliance.

FIPS 140-2 Compliance

The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government security standard that specifies security requirements for cryptographic modules that protect sensitive information. AppStream 2.0 administrators and users can communicate with the service through a FIPS-compliant connection by using a FIPS-compliant endpoint (FIPS endpoint). AppStream 2.0 offers FIPS endpoints in all United States AWS Regions where AppStream 2.0 is available. For more information, see the following resources.