The CSA Consensus Assessment Initiative Questionnaire provides a set of questions that the CSA anticipates a cloud consumer and/ or auditor would ask a cloud provider. It provides a series of security, control, and process questions that can then be used for a wide range of cases, including cloud vendor selection and security assessment. This document contains AWS’s responses to the CSA questionnaire.
This document addresses AWS specific information on general cloud computing compliance subjects. It provides detailed descriptions of all AWS third-party certifications, programs, reports, and attestations.
https://aws.amazon.com/compliance/data-center/controls
Many questionnaires have a complete section with questions related to the physical security of data centers. This website provides information about some of our physical and environmental controls.
https://aws.amazon.com/compliance/data-center/data-centers/
Learn key aspects about how we build our data centers to provide you with security in the following layers:
If you require more detailed information about security of the cloud in AWS, or if your auditor is asking you about security of the cloud that you can not find in the sources mentioned before, another resource available for review is the “Standardized Information Gathering (SIG) Questionnaire” report at AWS Artifact which includes an excel document with multiple detailed questions about data center controls and their answers.