Transcription of the standardized architecture for assurance frameworks on AWS …
1 AWS NIST .. AWS NIST .. AWS NIST : . Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. AWS NIST.
2 Table of Contents .. 1.. 3.. 4. Enterprise Accelerator - Compliance .. 4. NIST .. 4.. 5. AWS .. 8.. 8.. 9.. 9. AWS CloudFormation .. 10. AWS CloudFormation .. 10.. 10.. 13. Amazon S3 .. 13.. 13. AWS CLI .. 13. Amazon S3 URL .. 13.. 14.. 14.. 14. AWS .. 14.. 14.. 16.. 17.. 17.. 19. AWS Config .. 20.. 23.. 23. 1. AWS .. 23. 2.. 24. 3. Test .. 28.. 31.. 32. AWS Service Catalog .. 33.. 34. : .. 35.. 36.. 37.. 38.. 38. AWS Enterprise Accelerator Compliance . AWS Envision AWS AWS .. 2016 1 ( (p.))
3 38): 2016 12 ).. (AWS) .. (NIST) SP 800-53 ( 4). NIST SP 800-171. OMB Trusted Internet Connection (TIC) Initiative FedRAMP Overlay ( ). DoD Cloud Computing Security Requirements Guide (SRG). AWS CloudFormation .. AWS Enterprise Accelerator - Compliance .. (MSP) .. Linux .. (p. 10) .. NIST (p. 14) AWS . 2 (p. 5) . AWS GovCloud (US-West) . AWS GovCloud (US-West) . 30 AWS AWS NIST . (p. 4) (p. 17) . (p. 23) . 1. AWS NIST .. (p. 10) . (Microsoft Excel ) .. NIST TIC DoD Cloud SRG AWS CloudFormation . AWS. 1 . 1: .. AWS Enterprise Accelerator Compliance.
4 AWS . AWS . AWS AWS .. Enterprise Accelerator - Compliance .. AWS Enterprise Accelerator - Compliance .. AWS Enterprise Accelerator - Compliance . AWS . AWS .. AWS Service Catalog AWS CloudFormation . NIST SP 800-53 NIST SP 800-171 FedRAMP TIC Overlay ( ) DoD Cloud SRG.. NIST .. NIST SP 800-53 ( 4). NIST SP 800-171. OMB TIC Initiative - FedRAMP Overlay ( ). DoD Cloud Computing SRG. NIST SP 800-53 [1] . [2] . ( ) .. NIST SP 800-53 .. NIST SP 800-171 (CUI) . CUI CUI (FAR) . [3] CUI . NIST SP 800-171 3 NIST SP 800-53.
5 OMB Trusted Internet Connection (TIC) Initiative Internet Points of Presence (Point of Presence) . (USG) . [4] TIC . TIC . NIST SP 800-53 TIC Federal Risk and Authorization Management Program (FedRAMP) - TIC Overlay 2015 5 . GSA DHS AWS FedRAMP-TIC Overlay ( ) . FedRAMP TIC. Overlay AWS GSA DHS . TIC Overlay . AWS TIC . DoD (SRG) DoD . [5] . (CSO) DoD . (CSP) 2014 8 AWS. DoD 4 P-ATO (Provisional Authorization to Operate). CSP 1 AWS DoD . (AO) ATO (Authorization to Operate) . P-ATO . [1] NIST Special Publication 800-53 ( 4) Security and Privacy Controls for Federal Information Systems and Organizations 2013 4 [2] Federal Information Security Management Act (40 Sec.
6 11331). [3] NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations 2015 6 [4] Memorandum M-08-05 Implementation of Trusted Internet Connections (TIC) 2007 11 20. [5] Department of Defense Cloud Computing Security Requirements Guide 2016 3 18. AWS .. AWS Linux . 2 3 . Note Microsoft PowerPoint .. 2: VPC ( VPC ) 3 . 3: VPC .. AWS Identity and Access Management (IAM) (IAM) .. Amazon Virtual Private Cloud (Amazon VPC) AZ.
7 ( ).. Amazon Simple Storage Service (Amazon S3) . Amazon Elastic Compute Cloud (Amazon EC2) Amazon VPC.. Amazon EC2 Auto Scaling Elastic Load Balancing 3 Linux . / .. Amazon EC2 Secure Shell (SSH) . AZ Amazon Relational Database Service (Amazon RDS) MySQL . AWS CloudTrail Amazon CloudWatch AWS Config .. AWS . AWS . AWS AWS . (AWS AWS ) . AWS CloudTrail - AWS CloudTrail AWS API ID . IP CloudTrail .. Amazon CloudWatch - Amazon CloudWatch AWS AWS . CloudWatch . AWS .. AWS Config - AWS Config AWS . AWS Config.
8 AWS Config AWS . Note AWS Config AWS . AWS . Amazon EBS - Amazon Elastic Block Store (Amazon EBS) AWS Amazon EC2 .. Amazon EBS . Amazon EBS .. Amazon EC2 Amazon Elastic Compute Cloud (Amazon EC2) . Amazon (AMI) .. Elastic Load Balancing - Elastic Load Balancing EC2 .. Amazon S3 Glacier - Amazon S3 Glacier . SSL. Glacier .. Amazon RDS - Amazon Relational Database Service (Amazon RDS) AWS .. MySQL MariaDB PostgreSQL Oracle Microsoft SQL Server Amazon Aurora .. MySQL . Amazon VPC - Amazon Virtual Private Cloud (Amazon VPC) AWS.
9 AWS . IP .. AWS .. AZ . / .. (ACL) .. IAM .. S3 ( ). Auto Scaling . HTTPS Elastic Load Balancing (ELB) . Amazon RDS .. AWS ( . ) . (AWS CloudFormation ) .. Cost AWS .. AWS CloudFormation .. AWS AWS .. AWS CloudFormation . AWS CloudFormation . AWS CloudFormation AWS . JSON (JavaScript Object Notation) YAML AWS AWS. Command Line Interface (AWS CLI) AWS CloudFormation API . ( ) AWS CloudFormation . AWS . AWS AWS CloudFormation AWS AWS .. AWS CloudFormation . AWS CloudFormation 1 .. AWS CloudFormation.
10 AWS CloudFormation AWS. CloudFormation API AWS CLI . AWS CloudFormation AWS CloudFormation .. AWS CloudFormation Linux (p. 5) . 7 (IAM VPC . VPC NAT ) . AWS .. ( . GovCloud . ) . IAM . IAM . ( ) .. AWS Config . ( ) . AWS. CloudTrail S3 .. CloudTrail . Amazon CloudWatch .. VPC NAT . NAT . ( ) .. ( ACL) .. Amazon VPC.. VPC VPC VPC . Amazon VPC . ( ) .. NAT .. ( . ACL) .. IAM VPC . AWS Config VPC . ( ) . NAT VPC . VPC . ( ) . NAT . AWS . NAT EC2 .. VPC . EC2 . ( ) Amazon RDS . HTTPS Elastic Load Balancing Amazon CloudWatch Auto Scaling.