How Nomad and Amazon Web Services combine to deliver compliance with industry information standards
Amazon Web Services provides broad and deep information security capabilities for data protection, identity & access management, network & application protection, and threat detection & continuous monitoring.
The baseline Nomad configuration meets AWS best practices for system security. We’ll take any additional requirements you have for security and compliance and ensure your Nomad installation is built to your specifications.
AWS actively maintains its services in compliance with many industry-accepted standards. AWS provides direct access to its documentation of its compliance and privacy coverage on its Compliance Offerings and Compliance Resources pages.
In particular, AWS’ Services in Scope page provides a full breakdown of its services’ compliance with various standards, including roadmaps for future compliance.
Industry-standard information security frameworks including ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 9001:2015, HITRUST, CSA Star and others
United States federal information security standards, including FedRAMP, FIPS 140-2, NIST 800-171 and others
Payment transaction security standards such as Payment Card Industry – Data Security Standard (PCI-DSS)
Health care privacy standards, including Health Information Portability and Accessibility Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
User and data privacy standards such as General Data Privacy Regulation (GDPR)
Nomad is deployed in a Virtual Private Container (VPC), ensuring Nomad has a well-defined system perimeter
Authenticated, authorized and encrypted internal system communications
Authenticated, authorized and encrypted external connections (including API connections) out of the box
Data encryption at rest (on request)
Dedicated, customer-managed AWS account
MFA-secured root user and dedicated IAM users with role-based permissions
Assigned Nomad Global Administrator and customer-defined Admin users with MFA available
SSO (Single Sign-On) configured to port users, roles and permissions from customer systems (if desired)
Nomad customers can count on having their compliance requirements fulfilled. Nomad is an AWS Advanced Solution Provider, a certified expert at implementing Amazon Web Services in accordance with customer requirements, including compliance requirements.
In addition, the Nomad Platform ships with an AWS Well-Architected configuration out of the box. This configuration applies AWS’ recommended provisions for security, performance and operability to all default Nomad Platform installations, ensuring Nomad is well-prepared to support any additional compliance requirements customers may have.
This is the key question for all customers under compliance requirements. The answer is "Amazon Web Services actively meets comprehensive industry standards. Nomad's value is in providing the way for your company to use AWS without a laborious and expensive development effort devoted to that purpose".
AWS maintains excellent public documentation of their compliance with standards (see the links above). Nomad maintains business documentation to support its own compliance with standards, such as an information security policy, background checks, Nomad system documentation, etc.
Just request a demo! The button is on the top and bottom of every page. We'll be happy to listen to your company's needs and help you map them to the support provided by AWS and Nomad. (The demo also includes a walkthrough of the Nomad Platform, and we highly recommend taking a look to see how much value we bring to your use of AWS.)