Strengthening customer third-party due diligence with renewed AWS CyberGRX assessment

Amazon Net Providers (AWS) is happy to announce the profitable renewal of the AWS CyberGRX cyber threat evaluation report. This third-party validated report helps clients carry out efficient cloud provider due diligence on AWS and enhances clients’ third-party threat administration course of.

With the rise in adoption of cloud services throughout a number of sectors and industries, AWS has turn into a important element of consumers’ environments. Regulated clients are held to excessive requirements by regulators and auditors with regards to exercising efficient due diligence on third events.

Many shoppers use third-party cyber threat administration (TPCRM) providers equivalent to CyberGRX to higher handle dangers from their evolving third-party environments and to drive operational efficiencies. To assist with such efforts, AWS has accomplished the CyberGRX evaluation of its safety posture. CyberGRX safety analysts carry out the evaluation and validate the outcomes yearly.

The CyberGRX evaluation applies a dynamic strategy to third-party threat evaluation. This strategy integrates superior analytics, risk intelligence, and complex threat fashions with distributors’ responses to offer an in-depth view of how a vendor’s safety controls assist shield towards potential threats.

Vendor profiles are constantly up to date as the chance stage of cloud service suppliers adjustments, or as AWS updates its safety posture and controls. This strategy eliminates outdated static spreadsheets for third-party threat assessments, by which the chance matrices are usually not up to date in close to actual time.

As well as, AWS clients can use the CyberGRX Framework Mapper to map AWS evaluation controls and responses to well-known trade requirements and frameworks, equivalent to Nationwide Institute of Requirements and Know-how (NIST) 800-53, NIST Cybersecurity Framework, Worldwide Group for Standardization (ISO) 27001, Fee Card Trade Knowledge Safety Customary (PCI DSS), and the U.S. Well being Insurance coverage Portability and Evaluation Act (HIPAA). This mapping can cut back clients’ third-party provider due-diligence burden.

Prospects can entry the AWS CyberGRX report at no extra value. Prospects can request entry to the report by finishing an entry request type, accessible on the AWS CyberGRX web page.

As all the time, we worth your suggestions and questions. Attain out to the AWS Compliance group by the Contact Us web page. If in case you have suggestions about this submit, submit feedback within the Feedback part under. To be taught extra about our different compliance and safety packages, see AWS Compliance Packages.

Need extra AWS Safety information? Comply with us on Twitter.

Naranjan Goklani

Naranjan is an Audit Lead for Canada. He has expertise main audits, attestations, certifications, and assessments throughout the Americas. Naranjan has greater than 13 years of expertise in threat administration, safety assurance, and performing know-how audits. He beforehand labored in one of many Massive 4 accounting companies and supported purchasers from the monetary providers, know-how, retail, and utilities industries.