Compliance validation for AWS CloudShell
Third-party auditors assess the security and compliance of AWS services as part of multiple AWS compliance programs.
AWS CloudShell is in scope with the following compliance programs:
AWS System and Organization Controls (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives.
Service |
SDK |
|
|---|---|---|
|
AWS CloudShell |
CloudShell |
✓ |
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
Service |
SDK |
|
|---|---|---|
|
AWS CloudShell |
CloudShell |
✓ |
AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 22301:2019, 9001:2015, and CSA STAR CCM v4.0.
Service |
SDK |
|
|---|---|---|
|
AWS CloudShell |
CloudShell |
✓ |
The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services.
|
Service |
SDK |
||
|---|---|---|---|
|
AWS CloudShell |
CloudShell |
✓ | ✓ |
The Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) provides a standardized assessment and authorization process for cloud service providers (CSPs) to gain a DoD provisional authorization, so that they can serve DoD customers.
Services going through DoD CC SRG assessment and authorization will have the following status:
Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment by our third-party assessor.
Joint Authorization Board (JAB) Review: This service is currently undergoing a JAB review.
Defense Information Systems Agency (DISA) Review: This service is currently undergoing a DISA review.
Service |
SDK |
|||||
|---|---|---|---|---|---|---|
|
AWS CloudShell |
CloudShell |
3PAO Assessment |
N/A |
N/A |
N/A |
N/A |
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
AWS enables covered entities and their business associates subject to HIPAA to securely process, store, and transmit protected health information (PHI). Additionally, as of July 2013, AWS offers a standardized Business Associate Addendum (BAA) for such customers.
Service |
SDK |
|
|---|---|---|
|
AWS CloudShell |
CloudShell |
✓ |
The Information Security Registered Assessors Program (IRAP) enables Australian Government customers to validate that appropriate controls are in place and determine the appropriate responsibility model for addressing the requirements of the Australian Government Information Security Manual (ISM) produced by the Australian Cyber Security Centre (ACSC).
Service |
Namespace* |
|
|---|---|---|
|
AWS CloudShell |
N/A |
✓ |
*Namespaces help you identify services across your AWS environment. For example, when you create IAM policies, work with Amazon Resource Names (ARNs), and read AWS CloudTrail logs.
The Multi-Tier Cloud Security (MTCS) is an operational Singapore security management Standard (SPRING SS 584), based on ISO 27001/02 Information Security Management System (ISMS) standards.
|
Service |
SDK |
US-East(Ohio) |
US-East(N.Virginia) |
US-West(Oregon) |
US-West(N.California) |
Singapore |
Seoul |
|---|---|---|---|---|---|---|---|
|
AWS CloudShell |
CloudShell |
✓ |
✓ | ✓ | N/A | N/A | N/A |
Cloud Computing Compliance Controls Catalog (C5) is a German Government-backed attestation scheme introduced in Germany by the Federal Office for Information Security (BSI) to help organizations demonstrate operational security against common cyber-attacks when using cloud services within the context of the German Government's "Security Recommendations for Cloud Providers".
Service |
SDK |
|
|---|---|---|
|
AWS CloudShell |
CloudShell |
✓ |
The ENS (Esquema Nacional de Seguridad) accreditation scheme has been developed by the Ministry of Finance and Public Administration and the CCN (National Cryptologic Centre). This comprises of basic principles and minimum requirements necessary for the adequate protection of information.
Service |
SDK |
|
|---|---|---|
|
AWS CloudShell |
CloudShell |
✓ |
The Swiss Financial Market Supervisory Authority (FINMA) is Switzerland’s independent financial-markets regulator. AWS’s alignment with FINMA requirements demonstrates our continuous commitment to meeting the heightened expectations for cloud service providers set by Swiss financial services regulators and customers.
Service |
SDK |
|
|---|---|---|
|
AWS CloudShell |
CloudShell |
✓ |
AWS alignment with PiTuKri requirements demonstrates our continuous commitment to meeting the heightened expectations for cloud service providers set by Finnish Transport and Communications Agency, Traficom.
Service |
SDK |
|
|---|---|---|
|
AWS CloudShell |
CloudShell |
✓ |
For a list of AWS services that are in scope of specific compliance programs, see AWS
Services in Scope by Compliance Program
You can download third-party audit reports by using AWS Artifact. For more information, see Downloading Reports in AWS Artifact.
Your compliance responsibility when using AWS CloudShell is determined by the sensitivity of your data, your company's compliance objectives, and applicable laws and regulations. AWS provides the following resources to help with compliance:
-
Security and Compliance Quick Start Guides
– These deployment guides discuss architectural considerations and provide steps for deploying security-focused and compliance-focused baseline environments on AWS. -
Architecting for HIPAA Security and Compliance Whitepaper – This whitepaper describes how companies can use AWS to create HIPAA-compliant applications.
AWS Compliance Resources
– This collection of workbooks and guides might apply to your industry and location. Evaluating Resources with Rules in the AWS Config Developer Guide – The AWS Config service assesses how well your resource configurations comply with internal practices, industry guidelines, and regulations.
-
AWS Security Hub – This AWS service provides a comprehensive view of your security state within AWS that helps you check your compliance with security industry standards and best practices.
