AWS Public Sector Blog
Category: AWS Artifact
Complying with updated NIH Genomic Data Sharing policies on AWS
The National Institutes of Health (NIH) has long maintained guidelines governing the responsible management of controlled access human genomic and phenotypic data maintained in NIH-designated data repositories. Recently, the NIH updated these guidelines to align with the NIST SP 800-171 security standard, which defines a comprehensive framework for securing Controlled Unclassified Information (CUI). In this blog post, we will explore the specifics of the updated NIH guidance and outline how Amazon Web Services (AWS) can help customers build a compliant environment to meet these requirements.
How AWS can enable the Government of Canada’s 2023-2026 Data Strategy
The potential of open data to transform governance and public services is immense, but realizing this potential requires overcoming common obstacles. In this post, we will explore best practices and solutions for Canadian public sector organizations seeking to use the cloud for open data, specifically examining how Amazon Web Services (AWS) can enable open data success.
Securing and automating compliance in the public sector with AWS
Compliance is essential, but ensuring compliance in the cloud with various regulations and standards can be challenging, especially for public sector organizations. The requirements are highly dynamic, constantly evolving, and they vary across countries. Read this blog post to learn about the Amazon Web Services (AWS) resources that can help customers meet compliance requirements, reduce their time and effort, and focus on core business objectives.
Support FedRAMP and CMMC compliance with the Landing Zone Accelerator on AWS
Some US federal agencies and those who collaborate with them must support an automated, secure, and scalable multi-account cloud environment that meets Federal Risk and Authorization Management Program (FedRAMP) and Cybersecurity Maturity Model Certification (CMMC) standards. To support these needs, AWS customers and partners can deploy the Landing Zone Accelerator (LZA) on AWS. Recently, AWS worked with Coalfire, a FedRAMP-approved third-party assessment organization (3PAO) and AWS Partner, to assess and verify the LZA solution.
How NRCan used an AWS open source solution to complete a PBMM evidence package in 60 days
Since signing a framework agreement with the Government of Canada (GC) in 2019, AWS has developed an open source solution to automate the deployment of security controls for GC customers, which can reduce the time it takes to achieve an Authority to Operate (ATO). Natural Resources Canada (NRCan) used this solution to implement their cloud landing zone controls aligned with the Protected B, Medium Integrity, Medium Availability (PBMM) profile. They worked with AWS Partner Kainos to complete an ATO evidence package in only 60 days—a process that typically takes 18 months.
Canadian Centre for Cyber Security adds additional AWS services to its assessment of the AWS Canada (Central) Region
The Canadian Centre for Cyber Security (CCCS) added more AWS services to its assessment of the AWS Canada (Central) Region, bringing the total number of assessed AWS services to 120. This provides Canadian public sector customers additional confidence that AWS Cloud services meet the Government of Canada’s security control requirements. Using these services in conjunction with the deployment of the open source AWS Secure Environment Accelerator (ASEA) solution reduces cloud service configuration time from months to days.
AWS now able to provide Secure Cloud Services for the Government of Canada
The Government of Canada (GC) signed a framework agreement with AWS to provide Commercially Available Cloud Services for workloads up to the level of Protected B/Medium Integrity/Medium Availability (PBMM). Having a contract vehicle with a Cloud Service Provider (CSP) is a significant step forward in modernizing digital government for Canadians, and will further the Government of Canada’s Cloud and digital strategy. This contract is in addition to the procurement vehicle for unclassified data announced in 2018.