Standardized Architecture for NIST-based Assurance Frameworks on AWS
NIST Quick Start

Appendix: Enhancements in This AWS Enterprise Accelerator – Compliance Release

This is part of a set of compliance Quick Starts. AWS is constantly working to improve the design, ease of use, and security features of these solutions. This latest compliance Quick Start includes the following security and compliance enhancements:

  • HTTPS load balancers with a custom security policy that constrains the TLS versions and cipher suites accepted, plus auto-generation of a self-signed certificate for testing purposes (replace it with a CA-issued certificate before production use)

  • Network access control list (ACL) rules for filtering ingress/egress traffic as an additional layer of network security

  • Security groups that restrict both inbound and outbound traffic to only the ports and protocols the architecture requires

  • AWS Config rules automatically deployed for monitoring specific resources most relevant to compliance

  • Secure Amazon S3 bucket policies for the logging and application buckets, including versioning and custom lifecycle rules that archive objects to Amazon S3 Glacier

  • Custom CloudWatch alarms and notifications for specific security-related events recorded in CloudTrail logs: root account activity, IAM changes, and changes to logging configuration

  • Simplified AWS CloudFormation templates that decouple components, including VPCs, to allow for easier modification and reuse

  • Reduced set of AWS CloudFormation parameter groups and labels to simplify console use during the deployment process

  • Elastic Load Balancing and Amazon S3 access logging enabled for the application layer

  • Deployment of a secured login bastion host for SSH access to Amazon EC2 instances within the architecture
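The CloudTrail-driven alarms in the list above (root activity, IAM changes, logging changes) are implemented in the Quick Start as CloudWatch Logs metric filters. The following script is an added illustration of the same detection logic, written for this page and not taken from the Quick Start's templates: it evaluates constructed CloudTrail records against three checks and reports which alarm each record would trigger. The event-name sets, the log bucket name `nist-logging-bucket`, and the sample records are assumptions made for the example; the root-activity check mirrors the commonly used pattern of matching `userIdentity.type = "Root"` while excluding service-initiated events.

```python
"""Detection logic for the three CloudTrail-based alarms named on this page.

Added example, not Quick Start code. The CloudTrail records below are
constructed for the example; the event-name sets are assumptions.
"""
import json

# Assumed watch lists; a real metric filter would name the events it needs.
IAM_CHANGE_EVENTS = {
    "CreateUser", "DeleteUser", "CreateRole", "DeleteRole",
    "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy",
    "CreateAccessKey", "UpdateAssumeRolePolicy", "CreatePolicy", "DeletePolicy",
}
LOGGING_CHANGE_EVENTS = {
    "StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors",
    "PutBucketPolicy", "DeleteBucketPolicy", "PutBucketAcl", "PutBucketLifecycle",
}


def is_root_activity(event: dict) -> bool:
    """Root sign-in or API call made with root credentials.

    Events with `invokedBy` or eventType AwsServiceEvent are AWS services
    acting on the account's behalf, not a person using root, so skip them.
    """
    identity = event.get("userIdentity", {})
    return (
        identity.get("type") == "Root"
        and "invokedBy" not in identity
        and event.get("eventType") != "AwsServiceEvent"
    )


def is_iam_change(event: dict) -> bool:
    """IAM principal or policy mutation."""
    return (
        event.get("eventSource") == "iam.amazonaws.com"
        and event.get("eventName") in IAM_CHANGE_EVENTS
    )


def is_logging_change(event: dict, log_bucket: str) -> bool:
    """Trail tampering, or policy/ACL/lifecycle changes on the logging bucket."""
    source, name = event.get("eventSource"), event.get("eventName")
    if source == "cloudtrail.amazonaws.com" and name in LOGGING_CHANGE_EVENTS:
        return True
    if source == "s3.amazonaws.com" and name in LOGGING_CHANGE_EVENTS:
        params = event.get("requestParameters") or {}
        return params.get("bucketName") == log_bucket
    return False


def load_records(log_text: str) -> list:
    """CloudTrail delivers log files as a JSON object with a 'Records' array."""
    return json.loads(log_text)["Records"]


def classify(events, log_bucket: str) -> list:
    """Return (alarm_name, eventName) pairs in the order the records appear."""
    findings = []
    for e in events:
        if is_root_activity(e):
            findings.append(("RootActivity", e["eventName"]))
        if is_iam_change(e):
            findings.append(("IAMChange", e["eventName"]))
        if is_logging_change(e, log_bucket):
            findings.append(("LoggingChange", e["eventName"]))
    return findings


# Constructed CloudTrail log file (trimmed to the fields the checks use).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "eventType": "AwsConsoleSignIn", "userIdentity": {"type": "Root"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
     "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser"}},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
     "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser"},
     "requestParameters": {"bucketName": "nist-logging-bucket"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
     "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser"},
     "requestParameters": {"bucketName": "nist-app-bucket"}},
    # Service-initiated event on behalf of root: must not page anyone.
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "UpdateTrail",
     "eventType": "AwsServiceEvent",
     "userIdentity": {"type": "Root", "invokedBy": "cloudtrail.amazonaws.com"}},
]})


if __name__ == "__main__":
    for alarm, name in classify(load_records(SAMPLE_LOG), "nist-logging-bucket"):
        print(f"{alarm:14s} <- {name}")
```

Note that the last record still matches `is_logging_change` (an `UpdateTrail` from the CloudTrail service) but not `is_root_activity`; the two checks are deliberately independent, so a trail change is reported regardless of who made it, while the root alarm stays quiet for service-driven events.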

In addition, this Quick Start was expanded to support NIST SP 800-53 (Revision 4), NIST SP 800-122, NIST SP 800-171, the OMB TIC Initiative – FedRAMP Overlay (pilot), and the DoD Cloud Computing SRG. For information about these requirements, see the NIST-based Assurance Frameworks section.