AWS Penetration Testing

Hi,

Did you check the reports available in https://aws.amazon.com/artifact/ ?

That's probably where you have the best chance to find this kind of information.

Best,

Didier

I often get questions like this from customers: "How [often] does AWS do <insert thing here> to comply with <insert compliance program here>".

The answer is that we do those things in a way and as often as is required to be compliant with the program. There is no specific answer that we can provide to either the "how" or "how often" or even "what" question - that's up to use and our auditors to ensure that we are compliant.

The best place to find information about this is to look at the compliance program documentation - in there you'll find the answer to "how can you be compliant with this program" and that's what we do.

This sounds a bit evasive and isn't intended that way - but it's how organisations reach a state of compliance - by proving to their auditors that they have met the requirements of the program.