AWS re:Invent 2016: AWS GovCloud (US) for Highly Regulated Workloads (WWPS301)
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Chris Gile, Sr Manager AWS Security Assurance
November 28, 2016
AWS GovCloud (US) for
Highly Regulated Workloads
WWPS301
Security Assurance Programs Overview
AWS GovCloud (US)
DoD CJIS
FedRAMP Moderate
FedRAMP High
SRG Impact Level 4
CUI/NIST 800-171
ITAR/Export Controlled
FIPS 140-2
FISMA
VPN
Connection
API
Direct Connect
US Persons Only
IRS Pub 1075
SRG Impact Level 2
US Federal
2016 Highlights
FedRAMP High Impact
Joint Authorization Board (JAB) Provisional Authorization
Security & Identity
Storage & Content Delivery
Networking
Compute
Analytics
Database
DOD Cloud Computing SRG Impact Level 4
Provisional Authorization
9 Services FedRAMP Authorized
*Amazon DynamoDB, Amazon EMR, Amazon RDS, &
Amazon Redshift FedRAMP Moderate A-ATO
26 Agency Authorizations
www.fedramp.gov
US Federal - FedRAMP
26 Agency Authorizations
www.fedramp.gov
“We do not need another application, we need a new
experience…”
- LaVerne Council, Assistant Secretary for IT &
Chief Information Officer of the Department of Veterans
Affairs
Under Ms. LaVerne Council and using AWS, the team at
the VA shortened their development cycle from 6
months to 3 months, reduced overhead by 80%, and
consolidated onto 1 change calendar and 1 release
calendar, versus the 60 previous ones.
https://www.cloudhealthtech.com/blog/what-you-missed-aws-public-sector-summit-2016
9 Services FedRAMP Authorized
FedRAMP High
(JAB P-ATO)
FedRAMP Moderate
(A-ATO)
Department of Defense
Authorizations
DOD CC SRG Impact Level 2
DOD CC SRG Impact Level 4
• Confidentiality of CUI
• NIST 800-171
• 14 control families, 109 requirements
• Maps to 131 NIST 800-53, Rev 4 Security Controls
https://blogs.aws.amazon.com/security/post/Tx115XWF9J5G4MM/Need-NIST-Compliance-in-the-AWS-Cloud-AWS-Compliance-Has-You-Covered-NIST-800-171
AWS: Catalyst for Rapid Performance Optimization
20 Nodes, 50 Nodes, 100 Nodes and 200 Nodes
State – Criminal Justice Information Systems
New CJIS Security Policy Workbook
CJIS Security Policy v5.5
US Persons
“The Oregon State Police (OSP) is pleased to
announce to the Oregon CJIS community that
OSP and Amazon have agreed to a security
control agreement that meets every
requirement of the FBI’s CJIS Security Policy.
This agreement gives Oregon agencies
additional hosting options that enhance
security, while meeting their business
requirements pertaining to Criminal Justice
Information (CJI),” said Major Tom M. Worthy,
CSO, Oregon State Police.
Education
Early last year, Stanford University students, Jason Su and Apaar Sadhwani, took the Project
in Mining Massive Data Sets course taught by Dr. Anand Rajaraman and Dr. Jeffrey
Ullman. The course gives students practical experience in data mining and machine learning
algorithms for analyzing large amounts of data. Students undertake team projects of their
own design with the mentorship of professors and the cloud computing power of Amazon
Web Services (AWS). AWS provided platform credits to the students and instructor as part of
the curriculum.
For Apaar, AWS makes research much easier. “It is difficult to get access to large computing
resources. AWS is so convenient to scale up and scale down. With AWS, we start small and
it gives the institution and professors the confidence that we should be investing more.”
https://aws.amazon.com/blogs/publicsector/an-eye-on-science-how-stanford-students-turned-classwork-into-their-lifes-work/
Financial Services
“Our goal is to enable safe
innovation for government
agencies, so they can take
advantage of technological
advances that increase operational
efficiencies while protecting the
critical nature of their missions,
data, and applications,” said Kevin
Henkener, VP of Engineering at
Sipree. “AWS GovCloud (US)
helps us achieve compliance in the
cloud for the most secure entities
in the world.”
https://globenewswire.com/news-release/2016/09/07/870142/0/en/Sipree-Deploys-on-AWS-GovCloud-US-With-FedRAMP-High-Controls.html
Mandatory FTI Req’t for Cloud    Responsibility
Notification of use              Customer
Data isolation                   AWS/Customer
SLA                              Customer
Encryption in transit            AWS/Customer
Encryption at rest               AWS/Customer
Data deletion                    AWS/Customer
Risk assessment                  AWS/Customer
Security controls                AWS/Customer
IRS Publication 1075
Health Care Life Sciences
The National Institutes of Health has awarded Vibrent Health a five-year, $74
million contract to supply a technology platform for NIH to enroll and engage
U.S. participants in the cohort program of the White House’s Precision Medicine
Initiative.
“Vibrent Health said …it will develop, test, maintain and update the platform for
the nationwide medical research effort using data hosting services from Amazon
Web Services’ GovCloud region.”
http://blog.executivebiz.com/2016/07/nih-picks-vibrent-health-platform-for-national-precision-medicine-study/
Services for 2016
Security & Identity
Storage & Content Delivery
Networking
Compute
Analytics
Database
Management Tools
Application Services
Amazon DynamoDB
Amazon RDS
Amazon Redshift
Amazon Glacier
Amazon S3
Amazon EC2
Amazon VPC
AWS CloudFormation
Amazon CloudWatch
AWS CloudTrail
AWS IAM
AWS KMS
Amazon EMR
Amazon Kinesis Streams
Amazon SQS
Amazon SWF
Amazon SNS
Amazon EBS
Security Assurance Links
https://aws.amazon.com/compliance
https://aws.amazon.com/security
https://aws.amazon.com/compliance/fedramp
https://aws.amazon.com/compliance/dod
https://aws.amazon.com/compliance/resources
https://aws.amazon.com/govcloud-us
https://aws.amazon.com/documentation
https://aws.amazon.com/professional-services/enterprise-accelerators/compliance-jumpstart/
Thank you!
Remember to complete
your evaluations!