Compliance and security on AWS
Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk on AWS. By providing independent, tailored advice and services that span the cybersecurity lifecycle (Cyber Risk Services, Compliance Services, and Coalfire Labs), we help clients develop scalable programs that improve their security posture on AWS, achieve their business objectives, and fuel their continued success.
Offering technical proficiency, deep AWS expertise, proven customer success and the ability to deliver solutions seamlessly, Coalfire helps AWS customers establish sustainable and effective security, risk and compliance programs.
Compliance on AWS
Since 2012, AWS has leveraged Coalfire’s expertise to help ease your security burden in meeting numerous compliance guidelines. Coalfire provides educational resources to the AWS ecosystem of partners, clients, and prospects on how to leverage AWS’ security investment and what they each need to do.
Coalfire has supported AWS on such compliance frameworks as:
- FedRAMP®: Supported AWS’ initiatives with FedRAMP in both the Agency Authority to Operate (ATO) and FedRAMP® Joint Authorization Board (JAB) Provisional ATO (P-ATO) process for GovCloud and U.S. East/West Regions. This included the formal assessment of the cloud environment and services contained within the authorization boundary to meet FedRAMP requirements.
- DoD SRG: Assessed the organization for Impact Level II authorization, conducting technical testing, privacy review, and controls assessment.
- PCI DSS: Audited to PCI DSS, resulting in a report on compliance (ROC) for various services. This ensured the cardholder data environment (CDE) met compliance through their efforts to increase security around the CDE.
- HITRUST CSF: Worked closely with AWS to successfully assess and certify 74 services across a broad range of AWS offerings and supporting infrastructure within the HITRUST CSF framework. The full assessment project was completed in only 90 days.
- Penetration testing: Identified and exploited critical vulnerabilities, and then provided remediation guidance, which demonstrated that AWS’ network and information assets were protected from threats. These penetration tests were conducted as part of compliance requirements and standalone proactive testing initiatives.
AWS Managed Services
Comprehensive suite of services for designing, building, and managing secure and compliant cloud environments on AWS.
FedRAMP® authorization on AWS
As part of the ATO on AWS program, Coalfire works closely with organizations aiming to achieve FedRAMP authorization.
Compliance and security on AWS
Coalfire is the cybersecurity advisor that helps private and public sector organizations meet compliance, avert threats, close gaps, and effectively manage risk on AWS.
AWS for Healthcare
Coalfire applies our knowledge of security, compliance and AWS services to help AWS healthcare customers establish sustainable and effective security, risk and compliance programs.
Migration to AWS
Coalfire offers technical proficiency, deep AWS expertise, and proven customer success in migrating solutions seamlessly to AWS. We can help your organization identify the most strategic and optimized approach to securely migrating workloads to AWS.
Security on AWS for public safety
From cyber risk services to compliance and disaster recovery, Coalfire provides solutions to meet the mission-critical demands of organizations involved in public safety.
Why choose Coalfire?
Comprehensive approach
Coalfire, a cybersecurity advisory firm, works with AWS and clients across a wide variety of industries on their security and compliance validations, certifications, and authorizations.
Using a combination of advisory, compliance, technical testing, and cyber engineering services, Coalfire analyzes all aspects of our clients’ environments and makes recommendations to improve their security posture. With a complete picture of possible vulnerabilities and threats, clients can make informed decisions to realize compliance and take appropriate steps to reduce cyber risk and achieve greater success.
Deep experience
Over nearly 20 years of growing our business, we have built a base of more than 1,800 government and commercial clients, a broad portfolio of cybersecurity solutions, and one of the largest, most advanced technical testing and simulation teams.
Industry- and client-focused innovators
We understand the businesses and industries of our clients. We have a 97% client retention rate, more than 1,000 employees, and more than 40 industry certifications and affiliations to help us deploy the right people, processes, and technology to mitigate risk.