CyberVadis

CyberVadis is a comprehensive third-party risk assessment process that combines the speed and scalability of automation with the certainty of analyst validation. CyberVadis assessments employ a dynamic and comprehensive approach to third-party risk assessment, replacing outdated static spreadsheets and eliminating the need for annual AWS assessment access requests. This cloud-based solution provides advanced capabilities by integrating AWS responses with analytics and sophisticated risk models to deliver an in-depth view of AWS' security posture.

Customers can leverage AWS' CyberVadis report and scorecard to reduce their supplier due diligence burden.

AWS Customers can continue to leverage the CyberVadis assessment to perform their supplier due diligence process on AWS.

Customers can request the latest assessment report directly via the CyberVadis website or download it via AWS Artifact.

CyberVadis' risk assessment methodology evaluates 20 topics covering the entire cybersecurity life cycle across four phases: Identify, Protect, Detect, and React. These topics include Data Privacy, Access Management, and Infrastructure Security. The assessment criteria are based on international information security standards, including ISO 2700x, NIST Cybersecurity Framework, Cybersecurity for ICS, PCI DSS, and GDPR.

Customers can use CyberVadis to map AWS' assessment to commonly used industry frameworks and standards, gaining instant visibility into controls coverage.

AWS' CyberVadis assessment and evidence validation are updated annually.