Learn how to architect for compliance in the AWS cloud and see how your organization can leverage the agility, cost savings, scalability, and flexibility of the cloud while meeting the most stringent regulatory and compliance requirements, including Federal Risk and Authorization Management Program (FedRAMP), ITAR, CJIS, HIPAA, and DoD Cloud Computing Security Requirements Guide (SRG) Levels 2 and 4. Hear best practices and practical use cases for using AWS GovCloud (US) to comply with a variety of regulatory regimes.
4. US Federal - FedRAMP
26 Agency Authorizations
www.fedramp.gov
“We do not need another application, we need a new experience…”
- LaVerne Council, Assistant Secretary for IT & Chief Information Officer of the Department of Veterans Affairs
Under Ms. LaVerne Council and using AWS, the team at the VA shortened their development cycle from 6 months to 3 months, reduced overhead by 80%, and consolidated onto 1 change calendar and 1 release calendar, versus the 60 previous ones.
https://www.cloudhealthtech.com/blog/what-you-missed-aws-public-sector-summit-2016
9 Services FedRAMP Authorized
FedRAMP High (JAB P-ATO)
FedRAMP Moderate (A-ATO)
5. Department of Defense
Authorizations
DOD CC SRG Impact Level 2
DOD CC SRG Impact Level 4
• Confidentiality of CUI
• NIST 800-171
• 14 control families, 109 requirements
• Maps to 131 NIST 800-53, Rev 4 Security Controls
https://blogs.aws.amazon.com/security/post/Tx115XWF9J5G4MM/Need-NIST-Compliance-in-the-AWS-Cloud-AWS-Compliance-Has-You-Covered-NIST-800-171
6. AWS: Catalyst for Rapid Performance Optimization
6
20 Nodes, 50 Nodes, 100 Nodes and 200 Nodes
7. State – Criminal Justice Information Systems
New CJIS Security Policy Workbook
CJIS Security Policy v5.5
US Persons
“The Oregon State Police (OSP) is pleased to announce to the Oregon CJIS community that OSP and Amazon have agreed to a security control agreement that meets every requirement of the FBI’s CJIS Security Policy. This agreement gives Oregon agencies additional hosting options that enhance security, while meeting their business requirements pertaining to Criminal Justice Information (CJI),” said Major Tom M. Worthy, CSO, Oregon State Police.
8. Education
Early last year, Stanford University students, Jason Su and Apaar Sadhwani, took the Project
in Mining Massive Data Sets course taught by Dr. Anand Rajaraman and Dr. Jeffrey
Ullman. The course gives students practical experience in data mining and machine learning
algorithms for analyzing large amounts of data. Students undertake team projects of their
own design with the mentorship of professors and the cloud computing power of Amazon
Web Services (AWS). AWS provided platform credits to the students and instructor as part of
the curriculum.
For Apaar, AWS makes research much easier. “It is difficult to get access to large computing
resources. AWS is so convenient to scale up and scale down. With AWS, we start small and
it gives the institution and professors the confidence that we should be investing more.”
https://aws.amazon.com/blogs/publicsector/an-eye-on-science-how-stanford-students-turned-classwork-into-their-lifes-work/
9. Financial Services
“Our goal is to enable safe innovation for government agencies, so they can take advantage of technological advances that increase operational efficiencies while protecting the critical nature of their missions, data, and applications,” said Kevin Henkener, VP of Engineering at Sipree. “AWS GovCloud (US) helps us achieve compliance in the cloud for the most secure entities in the world.”
https://globenewswire.com/news-release/2016/09/07/870142/0/en/Sipree-Deploys-on-AWS-GovCloud-US-With-FedRAMP-High-Controls.html
Mandatory FTI Req’t for Cloud    Responsibility
Notification of use              Customer
Data isolation                   AWS/Customer
SLA                              Customer
Encryption in transit            AWS/Customer
Encryption at rest               AWS/Customer
Data deletion                    AWS/Customer
Risk assessment                  AWS/Customer
Security controls                AWS/Customer
IRS Publication 1075
10. Health Care Life Sciences
The National Institutes of Health has awarded Vibrent Health a five-year, $74
million contract to supply a technology platform for NIH to enroll and engage
U.S. participants in the cohort program of the White House’s Precision Medicine
Initiative.
“Vibrent Health said …it will develop, test, maintain and update the platform for
the nationwide medical research effort using data hosting services from Amazon
Web Services’ GovCloud region.”
http://blog.executivebiz.com/2016/07/nih-picks-vibrent-health-platform-for-national-precision-medicine-study/