WORKING TO ENSURE COMPLIANCE Flashcards
What does AWS engage with external certifying bodies and auditors for?
To provide customers with information about AWS’s policies, processes, and controls.
What is compliance, and what does it specify?
Compliance specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system.
What is certification, and what does it require?
Certification requires the development and implementation of a rigorous security program.
What is AWS Config, and how does it help?
AWS Config is a service to assess, audit, and evaluate the configuration of AWS resources, helping automate evaluation against set rules and maintain configuration history.
How does AWS Config simplify compliance auditing?
It allows for automated evaluation against rules, review of configuration changes, and assessment of compliance against internal guidelines.
What happens to non-compliant resources in AWS Config?
Non-compliant resources are flagged, alerting users to configuration issues that need addressing.
Is AWS Config a regional service, and what does that mean for tracking resources?
Yes, AWS Config is a regional service, and to track resources across regions, it needs to be enabled in each region used.
What does AWS Artifact provide?
AWS Artifact provides on-demand downloads of AWS security and compliance documents for auditing, evaluating cloud architecture, and assessing internal controls.
Can AWS Artifact provide documents for customer applications’ security and compliance?
No, AWS Artifact only provides documents about AWS; customers are responsible for their applications’ security and compliance documents.
What is a Business Associate Agreement (BAA), and when is it required?
A BAA is required for companies subject to HIPAA to ensure protected health information.