By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Penetration Testing

1

I was asked by a customer how often does AWS perform penetration testing as part of their compliance for SOC and ISO27001. I couldn't find this in the SOC compliance report. Can you share this information ?

Topics
Security, Identity, & Compliance
Tags
Security, Identity, & Compliance
Language
English
dannyb
asked 3 months ago152 views
2 Answers
2

Hi,

Did you check the reports available in https://aws.amazon.com/artifact/ ?

That's probably where you have the best chance to find this kind of information.

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 3 months ago
profile picture
EXPERT
Gary Mclean
reviewed 3 months ago
1

I often get questions like this from customers: "How [often] does AWS do <insert thing here> to comply with <insert compliance program here>".

The answer is that we do those things in a way and as often as is required to be compliant with the program. There is no specific answer that we can provide to either the "how" or "how often" or even "what" question - that's up to use and our auditors to ensure that we are compliant.

The best place to find information about this is to look at the compliance program documentation - in there you'll find the answer to "how can you be compliant with this program" and that's what we do.

This sounds a bit evasive and isn't intended that way - but it's how organisations reach a state of compliance - by proving to their auditors that they have met the requirements of the program.

profile pictureAWS
EXPERT
Brettski-AWS
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content