Compliance Validation for Amazon ElastiCache - Amazon ElastiCache
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Compliance Validation for Amazon ElastiCache

Third-party auditors assess the security and compliance of Amazon services as part of multiple Amazon compliance programs, such as SOC, PCI, FedRAMP, and HIPAA.

To learn whether an Amazon Web Service is within the scope of specific compliance programs, see Amazon Web Services in Scope by Compliance Program and choose the compliance program that you are interested in. For general information, see Amazon Web Services Compliance Programs.

You can download third-party audit reports using Amazon Artifact. For more information, see Downloading Reports in Amazon Artifact.

Your compliance responsibility when using Amazon Web Services is determined by the sensitivity of your data, your company's compliance objectives, and applicable laws and regulations. Amazon provides the following resources to help with compliance:

  • Security and Compliance Quick Start Guides – These deployment guides discuss architectural considerations and provide steps for deploying baseline environments on Amazon that are security and compliance focused.

  • Amazon Compliance Resources – This collection of workbooks and guides might apply to your industry and location.

  • Evaluating Resources with Rules in the Amazon Config Developer Guide – The Amazon Config service assesses how well your resource configurations comply with internal practices, industry guidelines, and regulations.

  • Amazon Security Hub – This Amazon Web Service provides a comprehensive view of your security state within Amazon that helps you check your compliance with security industry standards and best practices.

Self-Service Security Updates for Compliance

ElastiCache offers a self-service software update feature called Service Updates via the Console, API and CLI. Using this feature, you can manage security updates on your clusters on-demand and in real-time. This feature allows you to control when you update clusters with the latest required security fixes, minimizing the impact on your business.

Security updates are released via the Service Updates feature. They are specified by the Update Type field of value security update. The Service Update has corresponding Severity and Recommended Apply by Date fields. In order to maintain compliance of your clusters, you must apply the available updates by the Recommended Apply by Date. The field SLA Met reflects your cluster’s compliance status.

Note

If you do not apply the Service Update by the recommended date or when the Service Update expires, ElastiCache will not take any action to apply the update on your behalf.

You will be notified of the Service Updates applicable to your Redis clusters via an announcement on the Redis console, email, Amazon SNS, CloudWatch events and Amazon Health Dashboard. For more information on Self-Service Maintenance see Service updates in ElastiCache for Memcached.

 

CloudWatch events and Amazon Health Dashboard are not supported in the following regions:

  • us-gov-west-1

  • us-gov-east-1

  • cn-north-1

  • cn-northwest-1

HIPAA Eligibility

The Amazon HIPAA Compliance program includes Amazon ElastiCache for Memcached as a HIPAA eligible service.

To use ElastiCache for Memcached in compliance with HIPAA, you need to set up a Business Associate Agreement (BAA) with Amazon. In addition, your cluster and the nodes within your cluster must satisfy the requirements for engine version, node type, and data security listed following.

Requirements

To enable HIPAA support on your ElastiCache for Memcached cluster, your cluster and nodes within the cluster must satisfy the following requirements.

  • Engine version requirements – Your cluster must be running engine version 1.16.12 to qualify for HIPAA eligibility.

  • Node type requirements – Your cluster must be running a current-generation node type. For more information, see the following:

  • Data security requirements – Your cluster must enable in-transit encryption. For more information, see ElastiCache in-transit encryption (TLS),

  • Security Updates Requirement – You must update your Memcached cluster with the latest Service Updates of type security by the Recommended Apply by Date. You can update the cluster in real-time and on-demand to ensure no impact to your business. For more information, see Service updates in ElastiCache for Memcached

By implementing these requirements, ElastiCache for Memcached can be used to store, process, and access Protected Health Information (PHI) in compliance with HIPAA.

For general information about Amazon Cloud and HIPAA eligibility, see the following: