Amazon Web Services (AWS) offers many different tools that facilitate compliance with the Government of Canada’s Centre for Cyber Security (CCCS) security requirements. As of April 2024, 150 services and features have been assessed by the CCCS and meet the requirements for the Medium Cloud Security Profile, formerly known as Protected B / Medium Integrity / Medium Availability (PBMM).
As you know, there is no technical solution that guarantees an auditor will find an organization in compliance with any control. Satisfying these controls requires a “whole-of-organization” approach to security and compliance, one that combines people, policies, procedures, processes, and technologies to achieve results.
Utilizing these services, however, can significantly enhance your organization’s security and compliance posture while streamlining the audit and approval process. And that’s why we’ve made a guide specifically for the Medium Cloud Security Profile: to help cloud security architects, engineers, and compliance personnel select AWS services that facilitate compliance with CCCS Medium. You’ll learn how to use in-scope AWS services that may facilitate full or partial compliance at the individual control level.
Learn more: Achieve CCCS Medium Compliance – Canadian Center for Cybersecurity
Before You Use The Guide to AWS Services for CCCS Medium
When using this guide, we assume you have knowledge of the following documents published by the CCCS:
- CCCS Medium Cloud Security Profile
- Cloud service provider Information Technology security assessment process (ITSM.50.100)
- Guidance on the security categorization of cloud-based services (ITAP.50.103)
- Guidance on cloud security assessment and authorization (ITSP.50.105)
Additionally, please keep in mind that this guidance is not directly portable to the other comparable security compliance standards, which may have subtly different requirements and interpretation. And finally, at the time of this writing, this guidance only applies to the AWS Canada (Central) Region.
Download your In-Depth Guide to AWS Services for CCCS Medium Cloud Security Profile here:
