How to get your AWS account Cyber Essentials certified

As cloud and DevOps experts, one of the questions we hear from our clients often is: “Is my AWS account in scope of Cyber Essentials or Cyber Essentials Plus certifications?”

The answer is: Yes, most likely.

While the in-scope definition of ‘Servers’ within the Cyber Essentials certification is limited to servers that provide an interactive desktop-environment to your internal users, you will need to demonstrate that sufficient controls and processes are in place for any server where you are in charge of security patching. Virtual machines running as Amazon EC2 instances therefore are in scope of the Cyber Essentials certification.

Certain services available in AWS fall outside the scope of the certification process. This is the case particularly for their Platform-as-a-Service and ‘serverless’ offerings, where Amazon is in charge of maintaining security patches and updates. Refactoring your server infrastructure to use these services will often improve the overall security of your product, and can make achieving a Cyber Essentials certification considerably easier.

Cyber Essentials and Cyber Essentials Plus are the Government-backed schemes that help you demonstrate your commitment to cyber security, and guard against the most common digital security threats.

Need assistance preparing your AWS account? We're here to help streamline the certification process.