Manage compliance for Amazon Managed Microsoft AD - Amazon Directory Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Manage compliance for Amazon Managed Microsoft AD

You can use Amazon Managed Microsoft AD to support Active Directory-aware applications in the Amazon Cloud that are subject to the following compliance requirements. Applications that use Simple AD, however, will not meet these compliance requirements.

Supported compliance standards

Amazon Managed Microsoft AD has undergone auditing for the following standards and is eligible for use as part of solutions for which you need to obtain compliance certification.


Amazon Managed Microsoft AD meets Federal Risk and Authorization Management Program (FedRAMP) security requirements and has received a FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) at the FedRAMP Moderate and High Baseline. For more information about FedRAMP, see FedRAMP compliance.


Amazon Managed Microsoft AD has an Attestation of Compliance for Payment Card Industry (PCI) Data Security Standard (DSS) version 3.2 at Service Provider Level 1. Customers who use Amazon products and services to store, process, or transmit cardholder data can use Amazon Managed Microsoft AD as they manage their own PCI DSS compliance certification.

For more information about PCI DSS, including how to request a copy of the Amazon PCI Compliance Package, see PCI DSS level 1. Importantly, you must configure fine-grained password policies in Amazon Managed Microsoft AD to be consistent with PCI DSS version 3.2 standards. For details on which policies must be enforced, see the section below titled Enable PCI compliance for your Amazon Managed Microsoft AD directory.


Amazon has expanded its Health Insurance Portability and Accountability Act (HIPAA) compliance program to include Amazon Managed Microsoft AD as a HIPAA eligible service. If you have an executed Business Associate Agreement (BAA) with Amazon, you can use Amazon Managed Microsoft AD to help build your HIPAA-compliant applications.

Amazon offers a HIPAA-focused whitepaper for customers who are interested in learning more about how they can leverage Amazon for the processing and storage of health information. For more information, see HIPAA compliance.

Shared responsibility

Security, including FedRAMP, HIPAA and PCI compliance, is a shared responsibility. It is important to understand that the compliance status of Amazon Managed Microsoft AD does not automatically extend to the applications that you run in the Amazon Cloud. You need to ensure that your own use of Amazon services complies with the standards.

For a complete list of all the various Amazon compliance programs that Amazon Managed Microsoft AD supports, see Amazon services in scope by compliance program.

Enable PCI compliance for your Amazon Managed Microsoft AD directory

To enable PCI compliance for your Amazon Managed Microsoft AD directory, you must configure fine-grained password policies as specified in the PCI DSS Attestation of Compliance (AOC) and Responsibility Summary document provided by Amazon Artifact.

For more information about using fine-grained password policies, see Manage password policies for Amazon Managed Microsoft AD.
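As an added example that is not part of the Amazon documentation, the following PowerShell sets one of the directory's fine-grained password policies to the PCI DSS v3.2 Requirement 8 thresholds, binds it to a group, and verifies the resultant policy for a member. The policy name, the group name, and the thresholds themselves are assumptions; confirm the required values against the AOC and Responsibility Summary in Amazon Artifact before applying them.

```powershell
# Added example (not from the Amazon documentation).
# Assumptions: run from a domain-joined Windows instance with the
# ActiveDirectory module, as a member of the delegated fine-grained
# password policy administrators group in the directory. The policy
# name and the target group name below are placeholders to adjust.
Import-Module ActiveDirectory

$PolicyName  = 'CustomerPSO-01'              # assumed pre-created PSO name
$TargetGroup = 'PCI-CardholderDataUsers'     # placeholder group name

# PCI DSS v3.2 Requirement 8 thresholds (8.2.3, 8.2.4, 8.2.5, 8.1.6, 8.1.7).
# Verify against the AOC and Responsibility Summary from Amazon Artifact.
$PciSettings = @{
    MinPasswordLength           = 7                          # 8.2.3: at least 7 characters
    ComplexityEnabled           = $true                      # 8.2.3: numeric and alphabetic
    MaxPasswordAge              = (New-TimeSpan -Days 90)    # 8.2.4: change at least every 90 days
    PasswordHistoryCount        = 4                          # 8.2.5: no reuse of the last four
    LockoutThreshold            = 6                          # 8.1.6: lock after six failed attempts
    LockoutDuration             = (New-TimeSpan -Minutes 30) # 8.1.7: locked for at least 30 minutes
    LockoutObservationWindow    = (New-TimeSpan -Minutes 30) # must not exceed LockoutDuration
    ReversibleEncryptionEnabled = $false                     # never store reversible passwords
}

# Apply the settings to the existing policy object (precedence is left unchanged).
Set-ADFineGrainedPasswordPolicy -Identity $PolicyName @PciSettings

# Bind the policy to the group whose members access cardholder data.
Add-ADFineGrainedPasswordPolicySubject -Identity $PolicyName -Subjects $TargetGroup

# Verify: the resultant policy for a group member must be the PSO, not the
# domain default. A different Name here means another PSO with a lower
# precedence value wins for that user, or the user is not in the group.
$member = Get-ADGroupMember -Identity $TargetGroup | Select-Object -First 1
Get-ADUserResultantPasswordPolicy -Identity $member.SamAccountName |
    Select-Object Name, MinPasswordLength, MaxPasswordAge,
                  PasswordHistoryCount, LockoutThreshold, LockoutDuration
```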