From the course: Certificate of Cloud Security Knowledge (CCSK) Cert Prep
Join today to access over 25,500 courses taught by industry experts.
Audit inheritance and artifacts
From the course: Certificate of Cloud Security Knowledge (CCSK) Cert Prep
Audit inheritance and artifacts
- [Instructor] Let's take a look at how audit inheritance behaves. Imagine you're a cloud service consumer, with several US federal agencies as clients, using the services that you build on an AWS infrastructure. Let's say that your clients require you to utilize a Federal Information Processing Standards provider that uses a secure hash algorithm for the Linux user space. During the filming of this video, Amazon is listed on the NIST FIPS website as such a provider. From a compliance perspective, if your government client needed that FIPS compliance, and you were using AWS to build out their environment, then your service provider possesses a compliance service passed to you as a customer. This is a concept known as compliance inheritance. Compliance at the consumer level can be maintained as long as the audit scope remains consistent with that of the provider. New or varied services created by the client that fall out of scope may not be compliant, and need its own audit. Compliance…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.