Compliance Validation for Amazon S3 Glacier

If you're new to archival storage in Amazon Simple Storage Service (Amazon S3), we recommend that you start by learning more about the S3 Glacier storage classes in Amazon S3: S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. For more information, see S3 Glacier storage classes and Storage classes for archiving objects in the Amazon S3 User Guide.

The security and compliance of Amazon S3 Glacier (S3 Glacier) are assessed by third-party auditors as part of multiple Amazon compliance programs, including the following:

  • System and Organization Controls (SOC)

  • Payment Card Industry Data Security Standard (PCI DSS)

  • Federal Risk and Authorization Management Program (FedRAMP)

  • Health Insurance Portability and Accountability Act (HIPAA)

Amazon provides a frequently updated list of Amazon services in scope of specific compliance programs at Amazon Services in Scope by Compliance Program.

Third-party audit reports are available for you to download using Amazon Artifact. For more information, see Downloading Reports in Amazon Artifact in the Amazon Artifact User Guide.

For more information about Amazon compliance programs, see Amazon Compliance Programs.

Your compliance responsibility when using S3 Glacier is determined by the sensitivity of your data, your organization’s compliance objectives, and applicable laws and regulations. If your use of S3 Glacier is subject to compliance with standards like HIPAA, PCI, or FedRAMP, Amazon provides resources to help:

  • S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy. You can specify controls such as “write once read many” (WORM) in a vault lock policy and lock the policy from future edits. After the policy is locked, it can no longer be changed. Vault lock policies can help you comply with regulatory frameworks such as SEC17a-4 and HIPAA.

  • Security and Compliance Quick Start Guides discuss architectural considerations and steps for deploying security- and compliance-focused baseline environments on Amazon.

  • Architecting for HIPAA Security and Compliance outlines how companies use Amazon to help them meet HIPAA requirements.

  • The Amazon Well-Architected Tool (Amazon WA Tool) is a service in the cloud that provides a consistent process for you to review and measure your architecture using Amazon best practices. The Amazon WA Tool provides recommendations for making your workloads more reliable, secure, efficient, and cost-effective.

  • Amazon Compliance Resources provide several different workbooks and guides that might apply to your industry and location.

  • Amazon Config can help you assess how well your resource configurations comply with internal practices, industry guidelines, and regulations.

  • Amazon Security Hub provides you with a comprehensive view of your security state within Amazon and helps you check your compliance with security industry standards and best practices.