GRC231 - Let's Talk Assessing AWS With Cloud Audit Academy
GRC231-R1
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Expectations and assumptions
Agenda
• Overview
  • Cloud compliance/audit challenges
  • AWS shared responsibility model (AWS and VMware perspectives)
• Cloud Audit Academy
  • Program overview
  • Example module (AU and IR)
  • How to sign up
• Q&A
Cloud compliance/audit challenges
Shared responsibility model: Overview
Security of the cloud: AWS perspective
Inherit global security and compliance controls
CCCS, PIPEDA, CJIS, FERPA, FISC, G-Cloud
Security in the cloud: Customer (VMware) perspective
VMware approach
Shared responsibility model: VMware perspective
CONTROL PLANE
Cloud Audit Academy
Cloud Audit Academy (CAA) overview
Course modules (example)
01 – Introduction to Federal and DoD Workloads in AWS
02 – Access Control and Identification and Authentication
03 – Audit and Accountability and Incident Response
04 – Risk Assessment and Security Assessment
05 – System and Communications Protection
06 – Configuration Management and Maintenance
03 – Audit and accountability and incident response
REQUIREMENT 3.6.1 – INCIDENT RESPONSE PLANNING
• NIST requirements/controls
• Application to AWS
• Test plan
• Best practices
NIST SP 800-171 security requirement
STEP 1
3.6.1 – Establish operational incident-handling capability
Requirement: Development of a comprehensive incident response plan (IRP)
• Preparation
• Detection
• Analysis
• Containment
• Recovery
• User response activities
Application to AWS: Relevant services
STEP 2
• Logging/monitoring
• Alerting/aggregation
Test plan
STEP 3
Requirement 3.6.1: Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities
Auditor best practices
STEP 4
Interactive walkthrough (AWS Skill Builder)
1. Register for AWS Skill Builder by navigating to https://explore.skillbuilder.aws and selecting Sign in in the upper-right corner
2. Follow the steps to either create a new account or sign in with an existing account, selecting the option applicable to you
3. Once your account is created, you can access the interactive walkthrough exercises referenced during the course: https://explore.skillbuilder.aws/learn/course/internal/view/elearning/14755/cloud-audit-academy-fdw-interactive-modules
Cloud Audit Academy: How to sign up
aws.amazon.com/compliance/auditor-learning-path
Questions?
Thank you!
Please complete the session survey in the mobile app