Requirement 3 - Physically secure the environment

Physical security

AWS manages the physical infrastructure for the hosted environments, and physical security requirements are inherited from the AWS global infrastructure. Customers are responsible for the physical security and data classification of media exported or transferred out of the AWS environment, but not for the physical security of data stored within AWS. Under CSCF Control 3.1, customers are also responsible for the physical security and management of any physical HSM devices they use that connect to resources provisioned in the AWS Cloud. Customers are also still responsible for the physical security of any physical locations in which they store, process, or transmit messages. These might include corporate offices, call centers, or retail locations.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Requirement 2 - Reduce attack surface and vulnerabilities

Requirement 4 - Prevent compromise of credentials