Compliance on AWS Flashcards
What are the three compliance standards noted for the AWS SysOps certification?
PCI
ISO
HIPAA
What does ISO stand for?
International Organization for Standards.
Which ISO standard concerns AWS?
ISO/IEC 27001:2005
What is ISO/IEC 27001:2005?
Specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented Information Security Management System within the context of the organization’s overall business risks.
Is AWS ISO/IEC 27001:2005 compliant?
Yes.
What does FedRAMP stand for?
The Federal Risk and Authorization Management Program.
What is FedRAMP?
A government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
What does HIPAA stand for?
Health Insurance Portability and Accountability Act of 1996
What is HIPAA?
A law to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.
What does NIST stand for?
National Institute of Standards and Technology
What does NIST do for compliance?
Provides a set of industry standards and best practices to help organizations manage cybersecurity risks.
What does PCI stand for?
Payment Card Industry
What standard does PCI use for securing data?
PCI DSS - Payment Card Industry Data Security Standard
What is PCI DSS?
A widely accepted set of policies and procedures intended to optimize the security of credit, debit, and cash card transactions and protect cardholders against misuse of their personal information.
What is the current PCI DSS version?
v3.2
What is the primary goal of PCI DSS v3.2?
Build and maintain a secure network and system for payment card transactions.
What is PCI DSS requirement 1?
Install and maintain a firewall configuration to protect cardholder data.
What is PCI DSS requirement 2?
Do not use vendor-supplied defaults for system passwords and other security parameters.
What is PCI DSS requirement 3?
Protect stored cardholder data through measures such as encryption at rest.
What is data at rest?
Data that is stored on long-term media.
What is data in transit?
Data that is communicated from one system to another.
True or false: Data encryption and storage methods should be considered for both data at rest and data in transit?
True.
What are methods that can be used to secure data at rest?
Ensure strong encryption of data stored on media. Store data in databases, and encrypt databases where feasible.
What are methods to secure data in transit?
Use transport-layer security mechanisms such as TLS, SSL, and HTTPS.