Menu Close
  • Home
  • Amazon Web Services (AWS) at U-M
    •

Amazon Web Services (AWS) at U-M

0 Comments

Amazon Web Services (AWS) at U-M

You are responsible for ensuring that your use of this service complies with laws, policies, and regulations where applicable. See Compliance below for details.

Permitted

Permitted with IA Consultation

Not Permitted

Service Description

U-M offers access to Amazon Web Services (AWS) under a University of Michigan enterprise agreement. AWS provides a variety of cloud-based infrastructure services (storage, database, compute) that the U-M community may choose to consume under a U-M master account.

Compliance

The U-M offering of Amazon Web Services (AWS) is an ISO 27001-certified, university contracted-for service. It provides a secure environment within which to maintain or share the university’s sensitive unregulated data.

In addition, the U-M offering of AWS provides an environment that is compliant with regulations for some types of sensitive regulated data. AWS has achieved FedRAMP compliance status. It has also received Federal Information Security Management Act (FISMA) Moderate Authorization and Accreditation for the following services (which are part of the U-M offering of AWS), as long as the region where the data is housed is in the United States (you can request specific regions when you set up your account in Amazon Web Services):

  • Amazon Elastic Compute Cloud (Amazon EC2). If your data is classified at the High or Moderate level, we recommend that you use a Center for Internet Security (CIS)-compliant image to build your instance. Select this in the console under third-party-provided images.
  • Amazon Elastic Block Storage (Amazon EBS)
  • Amazon Simple Storage Service (Amazon S3)
  • Amazon Virtual Private Cloud (Amazon VPC)

Social Security numbers should only be used where required by law or where they are essential for university business processes. Information Assurance (IA) can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you. (Contact IA via the ITS Service Center.)

Keep in mind that compliance is a shared responsibility. You must also take any steps required by your role or unit to comply with relevant regulatory requirements.

Source:

https://safecomputing.umich.edu/dataguide/?q=node/195

Related posts:

man-giving-business-presentation-using-high-technology-digital-pen_53876-104783-3217653ISO 27001 Trust | Compliance img_60954616cc18eISO 27001 and Cloud Computing: What’s all the fuss about? rectangle-4544904AWS First Cloud Provider to Achieve ISO 27017 Certification img_60940948c0849ISO/IEC 27001: 2013 Information Security Management Standards

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *