
Post on 22-May-2020


For more information on how to strengthen your security with AWS, visit us at: http://aws.amazon.com/financial-services

As part of our commitment to protecting your assets, all customers have access to services that strengthen security postures in the following areas: Identity and Access Management, Detective Control, Infrastructure Security, Data Protection, and Incident Response.

Financial Services

AWS Security, Identity, and Compliance Offerings

[Figure: CUSTOMER DATA, with the labels Identity and Access Management, Incident Response, Detective Control, Infrastructure Security, and Data Protection]

Identity and Access Management

Define, enforce, and manage user access policies across all engaged AWS services.

• AWS Directory Service: Integrate Active Directory-dependent workloads, such as Amazon EC2 for Microsoft Windows Server or Amazon RDS for SQL Server, custom .NET applications, and AWS Enterprise with Microsoft Active Directory.

• AWS Identity and Access Management (IAM): Control users' access to and usage of AWS. Create and manage users and groups and grant or deny access. Enforce strong authorization and authentication.

• AWS Organizations: Centrally manage the creation and policies applied to multiple AWS accounts.

Detective Control

Gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment.

• AWS CloudTrail: Enable governance, compliance, operational auditing, and risk auditing of your AWS account. Log, continuously monitor, and retain events related to API calls across your AWS infrastructure.

• AWS Config: Facilitate resource inventory, configuration history, and configuration change notifications to enable security and governance.

• Amazon CloudWatch: Monitor AWS cloud resources and applications running on AWS, collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes to your AWS resources.

Data Protection

In addition to our automatic data encryption and management services, employ more features for data protection (including data management, data security, and encryption key storage).

• AWS CloudHSM (Cloud Hardware Security Module): Meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module appliances.

• AWS Key Management Service (KMS): Create and control the encryption keys used to encrypt your data.

Infrastructure Security

We offer capabilities to manage and increase privacy for and control of your overall infrastructure on AWS.

• Amazon EC2 Systems Manager: Helps you automatically manage inventory, apply OS patches, create secure system images, and configure secure operating systems.

• AWS Certificate Manager: Provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.

• AWS Shield: Thwart DDoS attacks by configuring select AWS services to build a solution or employ our DDoS-dedicated managed service.

• AWS Web Application Firewall (WAF): Protect your web applications from common web exploits that could impact availability, security, and resources.

• Amazon Inspector: Employ automated security assessments that help improve the security and compliance of applications deployed on AWS.

• Amazon Virtual Private Cloud (VPC): Provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define.

Incident Response

During an incident, containing the event and returning to a known good state are important elements of a response plan. AWS provides the following tools to automate aspects of this best practice.

• AWS Config Rules: Allows you to create rules that automatically take action in response to changes in your environment, such as isolating resources, enriching events with additional data, or restoring configuration to a known-good state.

• AWS Lambda: Use our serverless compute service to scale your programmed, automated response to incidents.