Compliance and Security on AWS


Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk on AWS. By providing independent, tailored advice and services that span the cybersecurity lifecycle (Cyber Risk Services, Compliance Services, and Coalfire Labs), we help clients develop scalable programs that improve their security posture on AWS, achieve their business objectives, and fuel their continued success.

Offering technical proficiency, deep AWS expertise, proven customer success and the ability to deliver solutions seamlessly, Coalfire helps AWS customers establish sustainable and effective security, risk and compliance programs.


Compliance on AWS

Since 2012, AWS has leveraged Coalfire’s expertise to help ease your security burden in meeting numerous compliance guidelines. Coalfire provides educational resources to the AWS ecosystem of partners, clients, and prospects on how to leverage AWS’ security investment and what they each need to do.

Coalfire has supported AWS on such compliance frameworks as:

  • FedRAMP: Supported AWS’ initiatives with FedRAMP in both the Agency Authority to Operate (ATO) and FedRAMP Joint Authorization Board (JAB) Provisional ATO (P-ATO) process for GovCloud and U.S. East/West Regions. This included the formal assessment of the cloud environment and services contained within the authorization boundary to meet FedRAMP requirements.
  • DoD SRG: Assessed the organization for Impact Level II authorization, conducting technical testing, privacy review, and controls assessment.
  • PCI DSS: Audited to PCI DSS, resulting in a report on compliance (ROC) for various services. This ensured the cardholder data environment (CDE) met compliance through their efforts to increase security around the CDE.
  • HITRUST CSF: Worked closely with AWS to successfully assess and certify 74 services across a broad range of AWS offerings and supporting infrastructure within the HITRUST CSF framework. The full assessment project was completed in only 90 days.
  • Penetration testing: Identified and exploited critical vulnerabilities, and then provided remediation guidance, which demonstrated that AWS’ network and information assets were protected from threats. These penetration tests were conducted as part of compliance requirements and standalone proactive testing initiatives.


Coalfire can help you improve your security posture on AWS.


Why choose Coalfire?

Comprehensive Approach

Coalfire, a cybersecurity advisory firm, works with AWS and clients across a wide variety of industries on their security and compliance validations, certifications, and authorizations.

Using a combination of advisory, compliance, technical testing, and cyber engineering services, Coalfire analyzes all aspects of our clients’ environments and makes recommendations to improve their security posture. With a complete picture of possible vulnerabilities and threats, clients can make informed decisions to realize compliance and take appropriate steps to reduce cyber risk and achieve greater success.

Deep experience

Over the nearly 20 years that we have grown our business, we have more than 1,800 government and commercial clients, a broad portfolio of cybersecurity solutions, and one of the largest, most advanced technical testing and simulation teams.

Industry- and client-focused innovators

We understand the businesses and industries of our clients. We have a 97% client retention rate, 12 locations with more than 650 employees, and more than 40 industry certifications and affiliations to help us deploy the right people, processes, and technology to mitigate risk.
