Renewal of Amazon Web Services CyberGRX assessment to enhance customers’ third-party due diligence process

by Naranjan Goklani

Amazon Web Services is pleased to announce renewal of the Amazon Web Services CyberGRX cyber risk assessment report. This third-party validated report helps customers perform effective cloud supplier due diligence on Amazon Web Services and enhances their third-party risk management process.

With the increase in adoption of cloud products and services across multiple sectors and industries, Amazon Web Services has become a critical component of customers’ third-party environments. Regulated customers are held to high standards by regulators and auditors when it comes to exercising effective due diligence on third parties.

Many customers use third-party cyber risk management (TPCRM) services such as CyberGRX to better manage risks from their evolving third-party environments and to drive operational efficiencies. To help with such efforts, Amazon Web Services has completed the CyberGRX assessment of its security posture. CyberGRX security analysts perform the assessment and validate the results annually.

The CyberGRX assessment applies a dynamic approach to third-party risk assessment. This approach integrates advanced analytics, threat intelligence, and sophisticated risk models with vendors’ responses to provide an in-depth view of how a vendor’s security controls help protect against potential threats.

Vendor profiles are continuously updated as the risk level of cloud service providers changes, or as Amazon Web Services updates its security posture and controls. This approach eliminates outdated static spreadsheets for third-party risk assessments, in which the risk matrices are not updated in near real time.

In addition, Amazon Web Services customers can use the CyberGRX Framework Mapper to map Amazon Web Services assessment controls and responses to well-known industry standards and frameworks, such as National Institute of Standards and Technology (NIST) 800-53, NIST Cybersecurity Framework, International Organization for Standardization (ISO) 27001, Payment Card Industry Data Security Standard (PCI DSS), and U.S. Health Insurance Portability and Assessment Act (HIPAA). This mapping can reduce customers’ third-party supplier due-diligence burden.

Customers can access the Amazon Web Services CyberGRX report at no additional cost. Customers can request access to the report by completing an access request form, available on the Amazon Web Services CyberGRX page.

As always, we value your feedback and questions. Reach out to the Amazon Web Services Compliance team through the Contact Us page. If you have feedback about this post, submit comments in the Comments section below. To learn more about our other compliance and security programs, see Amazon Web Services Compliance Programs.

Want more Amazon Web Services Security news? Follow us on Twitter.

Naranjan Goklani

Naranjan is a Security Audit Manager at Amazon Web Services, based in Toronto (Canada). He leads audits, attestations, certifications, and assessments across North America and Europe. Naranjan has more than 13 years of experience in risk management, security assurance, and performing technology audits. Naranjan previously worked in one of the Big 4 accounting firms and supported clients from the financial services, technology, retail, ecommerce, and utilities industries.