Amazon Web Services Security Overview

Amazon Web Services (AWS) delivers a highly scalable cloud computing platform with high availability and reliability. The platform enables customers to build a wide range of applications.

To provide end-to-end security and end-to-end privacy, AWS:

• Builds services in accordance with security best practices
• Provides appropriate security features in those services
• Documents how to use those security features

AWS customers must use the security features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.

AWS provides a wide range of information regarding its IT control environment to customers through:

• white papers
• reports
• certifications
• other third-party attestations

This information assists customers in understanding the controls in place relevant to the AWS services they use and how independent auditors have validated those controls. The information AWS provides also assists customers in their efforts to account for and to validate that controls are operating effectively in their extended IT environment.

At a high level, Amazon Web Services takes the following approach to secure the AWS infrastructure:

• Reports, Certifications, and Independent Attestations
• Information Assurance Certification and Accreditation Program (DIACAP)
• Physical Security
• Secure Services
• Data Privacy
• PCI DSS Level1
• ISO 27001