Simplifying the Path to Cloud Security Compliance with ATO on AWS
Cyber threats target public sector organizations every day. From ransomware attacks to data theft, systems need defense-in-depth best practices and modern computing solutions to fend off cybercriminals. Many public sector organizations are also facing complex compliance requirements such as the Federal Risk and Authorization Management Program (FedRAMP), the Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG), Defense Federal Acquisition Regulation Supplement (DFARS), and Payment Card Industry Data Security Standard (PCI-DSS).
Complying with these regulatory frameworks can be a daunting challenge that’s both time-consuming and expensive. So how can organizations ensure both compliance and solid security in the cloud? Amazon Web Services (AWS) recently announced the Authority to Operate (ATO) program. ATO on AWS is a partner-driven process helping organizations converge common security frameworks to be secure and address compliance requirements at the same time.
AWS Security Automation and Orchestration (SAO)
CIS and other Amazon Partner Network (APN) partners worked with AWS to develop the AWS Security Automation and Orchestration (SAO) methodology, which enables AWS customers to constrain, track, and publish continuous risk treatments (CRT). CRT is a process and technology approach that uses AWS services and partner solutions to detect, maintain, and in most cases correct security, compliance, and threats.
CIS plays a key role in SAO through the CIS Benchmarks. These consensus-based configuration guidelines for technologies are referenced in numerous security frameworks, including FedRAMP, DoD Cloud Computing SRG, and PCI-DSS. They are available for download in free PDF format.
Complying with a secure standard
CIS has applied the CIS Benchmarks configuration standards to create hardened Amazon Machine Images (AMIs) of popular operating systems and container environments. Called CIS Hardened Images™, they are preconfigured so your organization can start secure and stay secure in the cloud. In 2018, CIS Hardened Images helped protect over 100 million compute hours in the cloud.
CIS is excited for this opportunity to work with AWS and fellow APN partners to enhance cloud security for the public sector and others.