Identify security and regulatory requirements

It is essential to identify the regulations your organization must comply with and to understand clearly which security controls each regulation expects you to implement.

Keep in mind that AWS's own certifications do not certify your workloads: under the shared responsibility model, AWS certifications and audit reports cover security OF the cloud, while you may still need a separate certification for security IN the cloud (the workloads you run on it). Auditors can rely on the documents found in AWS Artifact to verify compliance with the security controls that relate to security OF the cloud; the controls you implement in your own workloads must be evidenced separately.

Identifying Required Regulations

In the AWS Compliance Center you can find regulatory information for each country:
https://aws.amazon.com/financial-services/security-compliance/compliance-center

AWS Risk and Compliance Whitepaper (includes auditor FAQs):
https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf

Risk Mitigation

  • Without a clear understanding of the requirements, non-compliance can lead to fines from regulators or government bodies, revoked licenses, or loss of the authorization to operate.

Guidance for assessments

  • Have you identified your security requirements? Is there a framework you are aligning to?
  • Have you identified your regulatory requirements?
  • Do you have a team or individual in charge of compliance analysis and audits?

See also

See the following related recommendation in the maturity model:
Create your reports for compliance (such as PCI DSS)