AWS Managed Security Service Provider Competency

Service Offering Validation Checklist

Validity Period: February 2025-August 2025

This version of the checklist was released on February 14th, 2025. The next version of this checklist is expected to be released in August 2025. AWS Partners may continue to use this version of the checklist until November 2025. Please review the change log for a list of changes (if any) since the previous version.

Introduction

The goal of the AWS Specialization Programs is to recognize AWS Partner Network Partners (“AWS Partners”) who demonstrate and maintain technical proficiency and proven customer success in specialized AWS Partner solution areas. The AWS Competency Partner Validation Checklist (“Checklist”) is intended for AWS Partners who are interested in applying for an AWS Specialization. This Checklist provides the criteria necessary to achieve the specialization as a consulting partner. AWS Partners undergo a technical validation of their capabilities upon applying for a specific specialization. AWS leverages in-house expertise and a third-party firm to facilitate the technical validation. AWS reserves the right to make changes to this document at any time and without notice.

Expectation of Parties

It is expected that AWS Partners will review this document in detail before applying for the AWS Competency Program, even if all of the prerequisites are met. If items in this document are unclear and require further explanation, please contact your AWS Partner Development Representative (“PDR”) or AWS Partner Development Manager (“PDM”) as the first step. Your PDR/PDM will contact the program office if further assistance is required.

AWS Partners should complete the Self-Assessment Spreadsheet linked at the top of this page, prior to submitting a program application. Once completed, AWS Partners must submit an application in APN Partner Central. Visit the AWS Competency Program guide for step-by-step instructions on how to submit an application.

AWS will review and aim to respond back with any questions within five business days to initiate scheduling of your technical validation or to request additional information.

AWS Partners should prepare for the technical validation by reading the Checklist, completing a self-assessment using the Checklist, and gathering and organizing objective evidence to share with the reviewer on the day of the technical validation.

AWS recommends that AWS Partners have individuals who are able to speak in-depth to the requirements and the customer examples during the technical validation. The best practice is for the AWS Partner to make the following personnel available for the technical validation: one or more highly-technical AWS certified engineers/architects in the area of competency specialty, an operations manager who is responsible for the operations and support elements, and a business development executive to conduct the overview presentation.

AWS may revoke an AWS Partner’s Competency designation if, at any time, AWS determines in its sole discretion that such AWS Partner does not meet its AWS Competency Program requirements. If an AWS Partner’s AWS Competency designation is revoked, such AWS Partner will (i) no longer receive benefits associated with its designation, (ii) immediately cease use of all materials provided to it in connection with the applicable AWS Competency designation and (iii) immediately cease to identify itself as a member of the AWS Competency.

AWS Partners should ensure that they have the necessary consents to share with the auditor (whether AWS or a third-party) all information contained within the objective evidence or any demonstrations prior to scheduling the audit.

AWS Managed Security Service Provider (MSSP) Competency Definition

The AWS MSSP Competency recognizes AWS Partners who have demonstrated technical proficiency and proven customer success in delivering comprehensive managed security services on AWS. These partners provide end-to-end security, compliance, and risk management solutions to customers, leveraging AWS native services and validated third-party tools.

Partners will be validated on their ability to deliver a category-aligned outcome and their ability to use native AWS security services. Additionally, partners will have an opportunity to differentiate by validating their use of third-party ISV offerings in their solutions.

AWS MSSP Competency Partners must demonstrate:

  1. Core MSSP Capabilities

    • Continuous security monitoring and incident response
    • Multi-account security architecture management
    • Log management and analysis
    • Access management and governance
    • Resource inventory and configuration management
    • AWS security best practices implementation
    • Compliance monitoring and reporting
    • AWS security expertise and certifications
  2. Specialized Security Expertise

    Partners must validate their ability to deliver comprehensive security outcomes in their chosen category(ies) through both AWS native services and optionally through validated AWS Security Competency ISV Partner solutions.

    Partners must demonstrate expertise in at least one of the following categories:

    • Infrastructure Security
      Comprehensive protection of AWS infrastructure components, including network security, vulnerability management, and security configuration management.

    • Workload Security
      Advanced security controls for AWS workloads, encompassing traditional instances, containers, and serverless compute environments.

    • Application Security
      Security testing, runtime protection, and DevSecOps integration for applications running on AWS, including APIs and web applications.

    • Data Protection
      Comprehensive data security capabilities including encryption, data loss prevention, sensitive data discovery, and AI/ML security controls.

    • Identity & Access Management
      Advanced identity governance, privileged access management, and identity security across AWS environments.

    • Incident Response
      NIST-aligned incident handling capabilities covering preparation, detection and analysis, containment, eradication, recovery, and post-incident activities.

    • Cyber Recovery
      Strategic planning, architecture, and execution of recovery from cyber incidents, focusing on maintaining business operations through secure backup and restoration capabilities.

  3. AWS Security Proficiency

    • Deep expertise in AWS security and governance services
    • Adherence to the AWS Security Reference Architecture (AWS SRA) framework
    • Integration of AWS security best practices
    • Continuous adoption of new AWS security capabilities
    • Implementation of Well-Architected Security Pillar
  4. Service Delivery Excellence

    • Proven ability to deliver managed security services at scale
    • Demonstrated customer success
    • Consistent service quality and customer satisfaction
    • Continuous improvement of customer security posture
  5. Multicloud Support

    AWS recognizes that some customers operate in multicloud environments. MSSP partners who offer multicloud support can differentiate themselves by providing evidence of this capability. Partners supporting multicloud environments should clearly indicate this in their application and provide public-facing proof of their multicloud expertise.

    AWS MSSP Competency Partners are uniquely positioned to help customers:

    • Establish and maintain a robust multi-account security architecture
    • Establish and maintain robust security operations
    • Enhance their security posture through continuous monitoring and improvement
    • Maintain compliance with regulatory requirements
    • Effectively manage security risks in their AWS environments
    • Respond to and recover from security incidents

Note: Detailed requirements for each of these areas, including specific capabilities, evidence requirements, and AWS services expertise, are provided in subsequent sections of this document. Partners should review all requirements thoroughly before beginning the application process.

Key Terms and Definitions

  • AWS Security Services: Primary security services provided by AWS for protecting workloads and data.

  • Managed Security Service Provider (MSSP): A partner who provides managed security services to customers on AWS.

  • Core Requirements: Fundamental security capabilities required of all MSSP partners. Example: Continuous Security Monitoring and Response

  • Specialized Requirements: Advanced security capabilities in specific domains. Example: Workload Security

  • Service Capability: A specific security function or feature provided to customers. Example: Cloud-Native Security

  • Evidence: Documentation, configurations, and demonstrations that prove capability.

  • Validation: The process of verifying partner capabilities against requirements.

AWS Managed Security Service Provider Competency Program Prerequisites

The following items will be validated by the AWS Competency Program Manager; missing or incomplete information must be addressed prior to scheduling of the technical validation.

  1.0 APN Program Membership

    1.1 Program Guidelines

      The AWS Partner must read the Program Guidelines and Definitions before applying to the Managed Security Service Provider Competency Program. Refer to the Program Guidelines for Program details.

    1.2 Services Path Membership

      Partner must be at the Validated or Differentiated stage within the Services Path. Partners should talk to their PDR/PDM about how to join the Services Path.

    1.3 AWS Partner Tier

      Partner must be an AWS Advanced or Premier Tier Partner.

  2.0 Example AWS Customer Deployments

    2.1 Production AWS Customer Case Studies

      AWS Partner must privately share with AWS details about four (4) unique examples of Managed Security Service Provider projects executed for four (4) unique AWS customers. Each case study must demonstrate:

      • Implementation of core MSSP requirements
      • Implementation of at least one specialized security domain
      • Established security architecture that demonstrates integration of AWS security services across a multi-account environment
      • Measurable customer outcomes

      Required case study components:

      1. Customer challenge and requirements
      2. Solution and security architecture and implementation
      3. AWS services utilized
      4. Security outcomes and metrics
      5. Customer satisfaction and testimonials (if available)
      6. ACE opportunity ID

      In addition to the required case study details provided in AWS Partner Central, the partner must also provide architecture diagrams of the specific customer deployment and information listed in the technical requirements sections of this validation checklist.

      The information provided for these case studies will be used by AWS for validation purposes only. AWS Partner is not required to publish these details publicly.

      AWS Partner can reuse the same case study across different AWS Specialization designations as long as the case study and implementation scope are relevant to those designations. The partner should make sure the existing case study clearly explains the relevance to each designation they are applying for.

      AWS will accept one case study per customer. Each customer must be a separate legal entity to qualify. AWS will not accept a case study for an internal or affiliate company of the partner.

      All case studies must describe deployments that have been performed within the past 18 months and must be for projects that are in production with customers, rather than in a ‘pilot’ or proof of concept stage.

      All case studies provided will be examined in the Documentation Review of the Technical Validation. The partner offering will be removed from consideration if the partner cannot provide the documentation necessary to assess all case studies against each relevant validation checklist item, or if any of the validation checklist items are not met.

    2.2 Publicly Available Case Studies

      At least two (2) of the provided case studies must be publicly available examples describing how the AWS Partner used AWS to help solve a specific customer challenge related to Managed Security Service Provider. These publicly available examples may be in the form of formal customer case studies, white papers, videos, or blog posts. The partner will provide the publicly available URL (published by the partner) in the AWS Partner Central ‘Case Study URL’ field, which must include the following details:

      • AWS Customer name
      • AWS Partner name
      • AWS Customer challenge that aligns with the scope of the competency and selected category
      • Using both high-level and technical details, describe how AWS was leveraged as part of the AWS Partner solution
      • Outcome(s) and/or quantitative results

      Anonymized Public Case Studies

      In cases where the partner cannot publicly name customers due to the sensitive nature of the customer engagements, the partner may choose to anonymize the public case study. Anonymized public case study details will be published by AWS, but the customer name will remain private. The partner must provide the AWS Customer name in the ‘Company name’ field of the AWS Partner Central case study for validation purposes, but it will not be published by AWS. The case study fields that will be published to Partner Solutions Finder (PSF) by AWS include the ‘Title’, ‘Case Study Description’, and ‘Case Study URL’. The partner will provide the publicly available URL (published by the partner) in the AWS Partner Central ‘Case Study URL’ field, which must include the following details:

      • AWS Customer description (e.g. a top 5 US retailer, a Fortune 500 financial institution, etc.)
      • AWS Partner name
      • AWS Customer challenge that aligns with the scope of the competency and selected category
      • Using both high-level and technical details, describe how AWS was leveraged as part of the AWS Partner solution
      • Outcome(s) and/or quantitative results

      For best practice on how to write an accepted Public case study, see the Public Case Study Guide.

    2.3 MSSP Case Studies

      For every category the AWS Partner selects to be validated for, the partner must provide one (1) case study that includes the requirements for the selected category. It is possible to use the same case study for multiple categories if the scope of the project allows. If the partner is applying for additional categories and the four (4) minimum required case studies do not collectively cover all applied-for categories, the partner will need to submit additional unique case studies executed for additional unique AWS customers.

  3.0 AWS Partner Self-Assessment

    3.1 AWS Partner Self-Assessment Checklist

      AWS Partner must conduct a self-assessment of their compliance with the requirements of the AWS Managed Security Service Provider - Consulting Partner Validation Checklist. A version of this Checklist is available in spreadsheet format. Links to the appropriate self-assessment spreadsheet can be found at the top of this page.

      • AWS Partner must complete all sections of the Self-Assessment Spreadsheet. For Competencies with multiple categories, AWS Partners will fill in details for the chosen application Category and mark other Categories as N/A.
      • Completed Self-Assessment Spreadsheet must be uploaded as an attachment to the Application prior to submitting in AWS Partner Central.
      • It is recommended that AWS Partners have their AWS Partner Solution Architect, Partner Development Representative (PDR), or Partner Development Manager (PDM) review the completed Self-Assessment Spreadsheet before submitting it to AWS. The purpose of this is to ensure the AWS Partner’s AWS team is engaged and working to provide recommendations prior to the validation and to help ensure a positive validation experience.

AWS MSSP Competency Requirements

Partners will be validated on their ability to deliver a category-aligned outcome and their ability to use native AWS security services. Additionally, partners will have an opportunity to differentiate by validating their use of third-party ISV offerings in their solutions.

Core MSSP Requirements

All partners must meet the following requirements to achieve the AWS MSSP Competency.

  • CORE-001 - Continuous Security Monitoring and Response

    Partner must demonstrate comprehensive capabilities for continuous, 24/7 security monitoring and incident response, including:

    • Automated security event detection, triage, and response
    • Integration with essential AWS security services following the AWS SRA framework:
      • Amazon GuardDuty
      • AWS Security Hub
      • Amazon Inspector
      • AWS Trusted Advisor
    • On-call incident response readiness
    • Defined escalation procedures and SLAs
    • Cross-account security monitoring
    • Customer communication protocols
    • Incident handoff procedures across time zones

    Evidence:

    1. Architecture Documentation
      1. Security monitoring and response architecture
      2. AWS security services integration design
      3. Event routing and notification system architecture
    2. Configuration Examples
      1. AWS security services setup and configuration
      2. Alert routing and automated response rules
      3. On-call notification system setup
    3. Process Documentation
      1. On-call rotation and coverage model
      2. Escalation matrices and SLAs
      3. Security monitoring procedures
      4. Incident response workflows
      5. Customer notification procedures
      6. Incident handoff protocols
    4. Demonstration
      1. Automated alert handling workflow
      2. On-call activation and response process
      3. Cross-account security monitoring capabilities
      4. Integration with AWS security services

    Note: This requirement can be met through a combination of automated systems (e.g., SIEM, SOAR, AWS native services) and on-call personnel, without the need for a traditional 24/7 staffed SOC.

  • CORE-002 - Multi-Account Security Management

    Partner must demonstrate capability to manage security across multiple AWS accounts using AWS Organizations, including:

    • Management account security controls
    • Member account security baseline
    • Organizational unit (OU) structure for security and log management following the AWS SRA framework
    • Service Control Policies (SCPs) and Resource Control Policies (RCPs) for security guardrails
    • Tag policies for resource governance
    • Account Factory for customized account provisioning
    • Implementation and management of recurring guardrails across all accounts to enforce governance and the security baseline
    • Integration with AWS Control Tower Lifecycle Events

    Evidence:

    1. Architecture Documentation
      1. Multi-account security architecture using AWS Organizations
      2. Security baseline documentation
    2. Configuration Examples
      1. Implemented SCPs, RCPs, and tag policies
      2. Security baseline configurations
    3. Process Documentation
      1. Multi-account security monitoring procedures
      2. Account security baseline enforcement
  • CORE-003 - Log Management

    Partner must provide log management capabilities, including:

    • AWS service logs configuration:
      • AWS CloudTrail logs
      • Amazon CloudWatch Logs
      • VPC Flow Logs
    • Integration with Amazon Security Lake for centralized log storage and analysis
    • Log aggregation into Log Archive account
    • Log retention management
    • Log access controls
    • Log search and analysis capabilities

    Evidence:

    1. Architecture Documentation
      1. Log management architecture
      2. Log collection workflow
    2. Configuration Examples
      1. Log collection setup
      2. Retention policies
    3. Process Documentation
      1. Log management procedures
      2. Access control policies
  • CORE-004 - AWS Access Management

    Partner must implement secure access management for AWS accounts, including:

    • IAM policy management
    • Multi-factor authentication (MFA) enforcement
    • Temporary credential usage
    • Access reviews
    • Privileged access controls

    Evidence:

    1. Architecture Documentation
      1. Access management architecture
      2. Authentication workflows
    2. Configuration Examples
      1. IAM policies
      2. MFA configuration
    3. Process Documentation
      1. Access management procedures
      2. Access review process
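The guardrails that CORE-002 (SCPs for security guardrails) and CORE-004 (MFA enforcement, privileged access controls) ask partners to evidence are usually expressed as organization-level Deny statements. The following is an added example, not code from the AWS checklist or from any AWS library: a constructed sample SCP that blocks tampering with detective controls except from a hypothetical `SecurityBreakGlass` role and blocks IAM changes made without MFA, together with a deliberately simplified evaluator that implements only the subset of IAM condition semantics the sample uses (Deny, wildcard `Action`, `StringNotLike` on `aws:PrincipalARN`, `BoolIfExists` on `aws:MultiFactorAuthPresent`). The account IDs, role names and request cases are constructed; the evaluator is not AWS's policy engine and is meant only to make the intended effect of each statement checkable before the policy is attached to an OU.

```python
"""Added example: a constructed SCP guardrail plus a simplified offline evaluator.
Not part of the AWS MSSP checklist and not AWS's IAM policy engine."""
import fnmatch
import json

# Constructed sample SCP intended for a member-account OU (labelled hypothetical).
GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {
            # Nobody but the (hypothetical) break-glass role may switch off detection.
            "Sid": "DenyDisablingDetectiveControls",
            "Effect": "Deny",
            "Action": [
                "guardduty:DeleteDetector",
                "guardduty:DisassociateFromAdministratorAccount",
                "securityhub:DisableSecurityHub",
                "cloudtrail:StopLogging",
                "cloudtrail:DeleteTrail",
                "config:StopConfigurationRecorder",
            ],
            "Resource": "*",
            "Condition": {
                "StringNotLike": {
                    "aws:PrincipalARN": "arn:aws:iam::*:role/SecurityBreakGlass"
                }
            },
        },
        {
            # IAM changes require MFA. BoolIfExists also denies when the key is
            # absent, which is the point: a session with no MFA context is denied.
            # A real deployment usually scopes this further (for example to human
            # principals), because service roles carry no MFA context either.
            "Sid": "DenyIamChangesWithoutMfa",
            "Effect": "Deny",
            "Action": ["iam:*"],
            "Resource": "*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """True when every condition block matches the request context.
    Only the two operators used by GUARDRAIL_SCP are implemented."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            expected = [str(e) for e in _as_list(expected)]
            actual = context.get(key)
            if operator == "StringNotLike":
                if actual is None:
                    continue  # negated operator: a missing key counts as a match
                if any(fnmatch.fnmatchcase(actual, pat) for pat in expected):
                    return False
            elif operator == "BoolIfExists":
                if actual is None:
                    continue  # ...IfExists: a missing key counts as a match
                if str(actual).lower() not in [e.lower() for e in expected]:
                    return False
            else:
                raise NotImplementedError(f"operator {operator} not modelled")
    return True


def is_denied(scp, action, context):
    """Return the Sid of the first Deny statement blocking the request, else None.
    SCPs never grant permissions, so only Deny statements are evaluated here."""
    for stmt in scp["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        if not any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
            continue
        if not _condition_matches(stmt.get("Condition", {}), context):
            continue
        return stmt["Sid"]
    return None


def guardrail_report():
    """Evaluate constructed requests; returns {description: denying Sid or None}."""
    dev = {"aws:PrincipalARN": "arn:aws:iam::111122223333:role/Developer",
           "aws:MultiFactorAuthPresent": "true"}
    breakglass = {"aws:PrincipalARN": "arn:aws:iam::111122223333:role/SecurityBreakGlass",
                  "aws:MultiFactorAuthPresent": "true"}
    no_mfa = {"aws:PrincipalARN": "arn:aws:iam::111122223333:user/alice"}  # MFA key absent
    cases = {
        "developer disables GuardDuty": (dev, "guardduty:DeleteDetector"),
        "break-glass disables GuardDuty": (breakglass, "guardduty:DeleteDetector"),
        "developer lists S3 buckets": (dev, "s3:ListAllMyBuckets"),
        "user without MFA creates access key": (no_mfa, "iam:CreateAccessKey"),
        "developer with MFA creates access key": (dev, "iam:CreateAccessKey"),
    }
    return {name: is_denied(GUARDRAIL_SCP, act, ctx) for name, (ctx, act) in cases.items()}


if __name__ == "__main__":
    print(json.dumps(GUARDRAIL_SCP, indent=2))
    for name, sid in guardrail_report().items():
        print(f"{name}: {'DENIED by ' + sid if sid else 'not denied by SCP'}")
```

Running the script prints the policy document and then one line per constructed request, showing that the developer is denied `guardduty:DeleteDetector`, the break-glass role is not, and `iam:CreateAccessKey` is denied only for the session without MFA context. Keeping the policy as a Python object also lets the same document be emitted as JSON evidence for the CORE-002 "Implemented SCPs" item after the checks pass.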
  • CORE-005 - Resource Inventory and Configuration Management

    Partner must maintain inventory and configuration management of AWS resources, including:

    • Automated resource discovery using AWS Config
    • Resource configuration tracking
    • Fundamental AWS Config rules for security monitoring
    • Resource tagging strategy

    Evidence:

    1. Architecture Documentation
      1. Resource inventory and configuration tracking architecture
    2. Configuration Examples
      1. AWS Config setup
      2. AWS Config rules
      3. Resource tagging examples
    3. Process Documentation
      1. Resource discovery and tracking procedures
      2. Configuration change management process
    4. Demonstration
      1. Resource inventory reporting
      2. Configuration change detection
  • CORE-006 - AWS Security Best Practices

    Partner must implement foundational AWS security best practices, including:

    • AWS Foundational Security Best Practices (FSBP) standard in AWS Security Hub
    • Well-Architected Framework Security Pillar implementation
      • Identity and access management
      • Detection
      • Infrastructure protection
      • Data protection
      • Incident response
      • Application security
    • Security posture monitoring
    • Adherence to the AWS SRA framework
      • Multi-account and OU architecture
      • Use of appropriate AWS services and integrations
      • Deployment of services in the appropriate account type
      • Recurring guardrails with centralized governance

    Evidence:

    1. Configuration Examples
      1. AWS Security Hub FSBP implementation
      2. Security controls aligned with Well-Architected Framework
      3. Security architecture with OU, account structure, and AWS services placement and integration, recurring baseline services
    2. Process Documentation
      1. Security baseline procedures
      2. Remediation workflows
  • CORE-007 - Compliance Monitoring

    Partner must demonstrate compliance monitoring capabilities, including:

    • Implementation of compliance standards monitoring:
      • Minimum of two industry frameworks such as PCI DSS, HIPAA, ISO 27001, SOC 2, GDPR
    • Mapping of compliance requirements to AWS controls
    • Compliance posture monitoring
    • Compliance reporting capabilities
    • Remediation guidance for non-compliant resources

    Evidence:

    1. Architecture Documentation
      1. Compliance monitoring architecture
      2. Integration with AWS security services
    2. Configuration Examples
      1. Compliance standards configuration
      2. Compliance reporting setup
    3. Process Documentation
      1. Compliance monitoring procedures
      2. Remediation guidance for common compliance issues
    4. Demonstration
      1. Compliance dashboard and reporting
      2. Compliance assessment workflow
  • CORE-008 - Continuous Security Posture Improvement

    Partner must demonstrate capabilities for ongoing enhancement of customer security posture, including:

    • Customer Security Metrics and KPI Tracking:
      • Security posture scoring
      • Compliance status tracking
      • Risk level monitoring
      • Remediation progress measurement
    • Regular Customer Security Assessments:
      • AWS Security Hub benchmark analysis
      • Well-Architected security pillar reviews
      • AWS SRA review
      • Compliance gap assessments
      • Risk assessment updates
    • Security Service Enhancement:
      • Integration of new AWS security features for customers
      • Security architecture optimization recommendations
      • Security control effectiveness evaluation
      • Security roadmap development

    Evidence:

    1. Architecture Documentation
      1. Customer security assessment framework
      2. Security metrics collection and analysis architecture
    2. Configuration Examples
      1. Customer security dashboard implementation
      2. Security assessment tooling configuration
    3. Process Documentation
      1. Customer security review procedures
      2. Security improvement recommendation process
      3. Security roadmap development methodology
    4. Demonstration
      1. Customer security posture assessment
      2. Security improvement tracking
      3. Security recommendations delivery
  • CORE-009 - AWS Security Training and Certification

    Partner must maintain AWS security expertise through certifications, ongoing training, and communication channels:

    • AWS Certifications:
      • Minimum of 2 individuals with AWS Security - Specialty certification
      • Minimum of 3 individuals with AWS Certified Solutions Architect - Professional certification
      • Minimum of 5 individuals with AWS Solutions Architect - Associate certification

    Note: Individuals can hold multiple certifications, but each individual can only be counted once toward each certification requirement. For example, an individual holding both Security Specialty and Solutions Architect Professional certifications would count toward both requirements.

    • Annual PartnerEquip: Live Attendance:
      • Minimum of two technical staff members must attend the annual AWS Security PartnerEquip: Live training
      • Attendees should be in roles responsible for AWS integration and security features
      • Attendance must be maintained annually to ensure knowledge of latest AWS security capabilities
    • MSSP Communication Channel:
      • Provide and maintain current distribution list of technical staff
      • Email addresses will be used for:
        • PartnerEquip: Live registration information
        • AWS MSSP program updates
        • AWS security service announcements
        • Enablement opportunities
      • Partner responsible for keeping distribution list current

    Evidence:

    • AWS will verify certification requirements through internal certification tracking systems
    • PartnerEquip: Live attendance and completion certificates for the current year
    • Confirmation of active and current MSSP distribution list
  • CORE-010 - Multicloud Support

    Partners who offer multicloud support must provide public-facing proof of their capabilities in managing security across multiple cloud environments.

    Evidence:

    • Public case study or white paper demonstrating multicloud security management
    • Public-facing product/service description clearly stating multicloud support
    • Third-party validation or certification of multicloud expertise

    Partners must provide at least one of these forms of evidence to be recognized for multicloud support within the MSSP Competency.

  • CORE-011 - Required AWS Services Expertise

    Partner must demonstrate expertise in the following required AWS security services:

    Security Services:

    • AWS Security Hub
    • Amazon GuardDuty
    • Amazon Inspector
    • Amazon Security Lake

    Management & Governance:

    • AWS Organizations
    • AWS Identity and Access Management (IAM)
    • AWS Config
    • AWS Systems Manager
    • AWS Audit Manager

    Monitoring & Operations:

    • Amazon CloudWatch
    • AWS CloudTrail
    • Amazon EventBridge

    Storage:

    • Amazon S3
  • CORE-012 - Optional AWS Security Competency ISV Solutions

    Partners leveraging third-party ISV offerings validated in the Security Competency may show proof of partnership in the following use cases. Evidence may include a screenshot of the partner's name listed on the third-party ISV's website or partner portal:

    • SIEM (Security Information and Event Management)
    • SOAR (Security Orchestration, Automation, and Response)
    • CSPM (Cloud Security Posture Management)
    • CAASM (Cyber Asset Attack Surface Management)

Infrastructure Security

Partners must demonstrate advanced infrastructure security capabilities beyond the core requirements.

  • INF-001 - Network Protection

    Partner must demonstrate comprehensive infrastructure protection capabilities, including:

    • Infrastructure vulnerability management:
      • AWS service configuration vulnerabilities
      • Network and security group vulnerabilities
      • Infrastructure component compliance
      • AWS resource policy vulnerabilities
    • Infrastructure configuration security:
      • Security baseline enforcement
      • Custom AWS Config rules
      • Automated remediation workflows
      • Configuration drift detection
    • Patch management:
      • Automated patch deployment using AWS Systems Manager
      • Patch compliance monitoring
      • Emergency patch procedures
      • Patch testing and validation

    Evidence:

    1. Architecture Documentation
      1. Vulnerability management architecture
      2. Configuration management design
      3. Patch management architecture
    2. Configuration Examples
      1. Vulnerability scanning configuration
      2. AWS Config rules implementation
      3. AWS Systems Manager patch management setup
    3. Process Documentation
      1. Vulnerability management procedures
      2. Configuration security workflows
      3. Patch management procedures
    4. Demonstration
      1. Vulnerability management workflow
      2. Configuration remediation process
      3. Patch deployment workflow
  • INF-002 - Network Security

    Partner must implement advanced network security controls, including:

    • DDoS protection:
      • AWS Shield Advanced implementation
      • DDoS response procedures
      • Attack mitigation playbooks
      • Traffic monitoring and analysis
    • Network threat prevention:
      • AWS Network Firewall deployment
      • Threat detection and blocking
      • Traffic analysis and monitoring
      • Custom rule management
    • Network access control:
      • Advanced Network Access Control Lists (NACLs) management
      • Granular security group policies
      • Implementing principle of least privilege for network access
      • Network flow logging and analysis
      • Regular auditing and optimization of network access policies

    Evidence:

    1. Architecture Documentation
      1. Network security architecture
      2. DDoS protection design
      3. Network monitoring architecture
    2. Configuration Examples
      1. AWS Shield Advanced configuration
      2. AWS Network Firewall rule sets
      3. NACLs and security group policies
    3. Process Documentation
      1. DDoS response procedures
      2. Network threat handling
      3. Access control management
    4. Demonstration
      1. DDoS mitigation workflow
      2. Threat detection and response
      3. Access control implementation
  • INF-003 - Network Segmentation

    Partner must demonstrate advanced network segmentation capabilities, including:

    • Network isolation:
      • Amazon VPC design and implementation
      • AWS Transit Gateway configuration
      • Network boundaries definition
      • Cross-account connectivity
    • Micro-segmentation:
      • Granular security group policies
      • Application-level segmentation
      • Workload isolation
      • Zone-based security
    • Network policy management:
      • Network policy automation
      • Policy compliance monitoring
      • Change management procedures
      • Policy validation and testing

    Evidence:

    1. Architecture Documentation
      1. Network segmentation architecture
      2. Micro-segmentation design
      3. Policy management framework
    2. Configuration Examples
      1. Amazon VPC and AWS Transit Gateway configurations
      2. Security group implementations
      3. Network policy definitions
    3. Process Documentation
      1. Network isolation procedures
      2. Segmentation management
      3. Policy lifecycle management
    4. Demonstration
      1. Network isolation implementation
      2. Micro-segmentation deployment
      3. Policy management workflow
  • INF-004 - Required AWS Services Expertise

    Partner must demonstrate expertise in the following required AWS security services:

    • AWS Network Firewall
    • AWS Shield Advanced
    • AWS Web Application Firewall (AWS WAF)
    • Amazon Inspector
    • AWS Systems Manager
    • AWS Config
    • Amazon Virtual Private Cloud (Amazon VPC)
    • AWS Transit Gateway
    • Amazon VPC Network Access Analyzer
    • Amazon EventBridge
    • Amazon CloudWatch
    • Amazon Security Lake
    • AWS Control Tower
  • INF-005 - Optional AWS Security Competency ISV Solutions

    Partners leveraging third-party ISV offerings validated in the AWS Security Competency may show proof of partnership in the following use cases. Evidence may include a screenshot of the partner's name listed on the third-party ISV's website or partner portal.

    Infrastructure Protection:

    • CSPM (Cloud Security Posture Management)
    • CWPP (Cloud Workload Protection Platform)
    • CAASM (Cyber Asset Attack Surface Management)
    • Vulnerability Management

    Network Detection & Control:

    • NGFW (Next Generation Firewalls)
    • Network Detection and Response
    • Network Security Policy Management

    Network Security Services:

    • ZTNA (Zero Trust Network Access)
    • SASE (Secure Access Service Edge)
    • CASB (Cloud Access Security Broker)
    • SWG (Secure Web Gateway)
    • Distributed Denial of Service (DDoS) Protection

Workload Security

Partners must demonstrate advanced workload security capabilities beyond the core requirements.

  • WRK-001 - Traditional Workload Protection

    Partner must demonstrate protection capabilities for traditional cloud workloads, including:

    • Workload hardening:
      • Operating system hardening
      • Application runtime protection
      • Memory protection
      • System integrity monitoring
    • Host-based security:
      • Endpoint detection and response (EDR) implementation
      • Host-based intrusion detection/prevention
      • File integrity monitoring
      • Process and behavior monitoring
    • Application security controls:
      • Application allowlisting
      • Process monitoring and control
      • Library and dependency control
      • Host-level runtime protection

    Evidence:

    1. Architecture Documentation
      1. Host security architecture
      2. Application protection design
    2. Configuration Examples
      1. Host security tool deployment
      2. Application security controls
    3. Process Documentation
      1. Workload hardening procedures
      2. Host security monitoring workflows
    4. Demonstration
      1. Host security monitoring and response
      2. Application security control enforcement
  • WRK-002 - Cloud-Native Security

    Partner must demonstrate security capabilities for cloud-native workloads, including:

    • Container security:
      • Amazon ECS and Amazon EKS security controls implementation
      • Container image scanning and policy enforcement
      • Runtime container behavior monitoring
      • Container network policy management
      • Kubernetes security posture management
      • Integration with AWS Security Hub for container security findings
      • Leveraging AWS Fargate for enhanced isolation
    • Serverless security:
      • AWS Lambda security configuration and permissions
      • AWS Fargate task and execution security
      • Container image security for serverless workloads
      • Event source security and monitoring
      • Amazon API Gateway security controls
      • AWS Secrets Manager integration for serverless components
      • Serverless application protection and monitoring
      • AWS IAM controls
    • Container image scanning:
      • Automated vulnerability scanning
      • Software composition analysis
      • Image hardening and compliance checks
    • Runtime protection:
      • Container runtime behavior monitoring
      • Serverless function execution monitoring
      • Cloud-native application behavior analysis
      • Container escape detection

    Evidence:

    1. Architecture Documentation
      1. Container security architecture
      2. Serverless security architecture
    2. Configuration Examples
      1. Container security controls
      2. Serverless security controls
      3. Image scanning pipeline
    3. Process Documentation
      1. Container security procedures
      2. Serverless security procedures
      3. Runtime protection workflows
    4. Demonstration
      1. Container security monitoring
      2. Serverless security monitoring
      3. Runtime threat detection and response
  • WRK-003 - Cloud Workload Posture Management

    While this section focuses on workload-specific runtime protection, see APP-002: Runtime Protection for application-layer protections.

    Partner must demonstrate cloud workload posture management capabilities, including:

    • Workload configuration assessment:
      • Application and runtime configurations
      • Container and function configurations
      • Workload-specific security baselines
      • Application dependency analysis
    • Runtime threat detection:
      • Behavioral anomaly detection
      • Threat intelligence integration
      • Custom detection rules
      • Alert correlation and analysis
    • Automated response capabilities:
      • Incident response automation
      • Remediation playbooks
      • Integration with CI/CD pipelines
      • Security metrics and reporting

    Evidence:

    1. Architecture Documentation
      1. Workload posture management architecture
      2. Threat detection and response design
    2. Configuration Examples
      1. Security baseline configurations
      2. Detection rules and playbooks
    3. Process Documentation
      1. Configuration assessment procedures
      2. Threat detection and response workflows
    4. Demonstration
      1. Posture management dashboard
      2. Automated response capabilities
  • WRK-004 - Required AWS Services Expertise

    Partner must demonstrate expertise in the following required AWS services:

    • Amazon Elastic Compute Cloud (Amazon EC2)
    • Amazon Elastic Container Service (Amazon ECS)
    • Amazon Elastic Kubernetes Service (Amazon EKS)
    • Amazon Elastic Container Registry (Amazon ECR)
    • AWS App Runner
    • AWS Lambda
    • AWS Fargate
    • Amazon API Gateway
    • AWS Secrets Manager
    • AWS Identity and Access Management (IAM)
    • AWS Systems Manager
    • AWS Security Hub
    • Amazon GuardDuty
    • Amazon CloudWatch
    • AWS CloudTrail
  • WRK-005 - Optional AWS Security Competency ISV Solutions

    Partners leveraging third-party ISV offerings validated in the AWS Security Competency may show proof of partnership in the following use cases. Evidence may include a screenshot of the partner's name listed on the third-party ISV's website or partner portal.

    • EDR (Endpoint Detection and Response)
    • XDR (Extended Detection and Response)
    • MDR (Managed Detection and Response)
    • CWPP (Cloud Workload Protection Platform)

Application Security

Partners must demonstrate advanced application security capabilities beyond the core requirements.

  • APP-001 - Application Security Testing

    Partner must demonstrate comprehensive application security testing capabilities, including:

    • Static Application Security Testing (SAST):
      • Source code security analysis
      • Custom rule development
      • Security issue prioritization
      • Code security baseline enforcement
    • Dynamic Application Security Testing (DAST):
      • Runtime application scanning
      • API security testing
      • Authentication and authorization testing
      • Session management testing
      • Business logic testing
      • Input/output validation testing
    • Software Composition Analysis (SCA):
      • Third-party dependency scanning
      • Known vulnerability detection
      • License compliance checking
      • Supply chain risk analysis
    • Penetration Testing:
      • Penetration testing aligned with AWS Acceptable Use Policy
      • API penetration testing
      • Web application penetration testing
      • Findings remediation guidance

    Evidence:

    1. Architecture Documentation
      1. Application security testing architecture
      2. Testing tool integration design
      3. Penetration testing methodology
    2. Configuration Examples
      1. SAST tool configurations
      2. DAST scanning setup
      3. SCA implementation
      4. Penetration testing scope and rules of engagement
    3. Process Documentation
      1. Security testing procedures
      2. Penetration testing procedures aligned with AWS requirements
      3. Issue remediation workflows
      4. Risk acceptance process
    4. Demonstration
      1. Security testing execution
      2. Results analysis and triage
      3. Remediation workflow
      4. Penetration testing reporting
  • APP-002 - Runtime Protection

    Partner must implement application runtime protection capabilities, including:

    • API Security:
      • Implementation of API Gateway access controls
      • API authentication and authorization mechanisms
      • API request/response validation and sanitization
      • API threat modeling and risk assessment
      • Continuous API security testing and monitoring
      • Integration with AWS WAF for API-specific rule sets
    • Web Application Firewall:
      • AWS WAF rule management
      • Custom rule development
      • Attack pattern detection
      • False positive management
    • Bot Protection:
      • Bot detection and classification
      • Rate limiting and throttling
      • Challenge-based verification mechanisms
      • Business logic abuse prevention

    Evidence:

    1. Architecture Documentation
      1. Runtime protection architecture
      2. API security design
      3. Bot protection implementation
    2. Configuration Examples
      1. AWS WAF configurations
      2. API Gateway security controls
      3. Bot protection rules
    3. Process Documentation
      1. Runtime protection procedures
      2. Incident response workflows
      3. Rule maintenance process
    4. Demonstration
      1. Attack detection and blocking
      2. Bot mitigation
      3. Security rule management
  • APP-003 - DevSecOps Integration

    Partner must demonstrate security integration into DevOps processes, including:

    • Pipeline Security:
      • CI/CD pipeline security controls
      • Security gate implementation
      • Automated security testing
      • Security metrics and reporting
      • Pipeline security posture monitoring
    • Infrastructure as Code Scanning:
      • AWS CloudFormation template scanning
      • Terraform configuration analysis
      • Custom policy development
      • Automated remediation
    • Artifact Security:
      • Container image scanning
      • Package verification
      • Code signing
      • Artifact integrity validation

    Evidence:

    1. Architecture Documentation
      1. DevSecOps integration architecture
      2. Security pipeline design
    2. Configuration Examples
      1. Pipeline security configurations
      2. IaC scanning setup
      3. Artifact security controls
    3. Process Documentation
      1. DevSecOps procedures
      2. Security gate criteria
      3. Release security process
    4. Demonstration
      1. Security pipeline execution
      2. IaC security scanning
      3. Artifact security verification
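For the "AWS CloudFormation template scanning" and "custom policy development" items above, the following is an added example written for this page, not AWS code and not a substitute for a full policy engine: it walks the Resources of a JSON CloudFormation template and applies two small rule sets, one for security groups that expose anything other than 80/443 to the world, one for S3 buckets missing default encryption or a complete public access block. The template and the rule identifiers (`sg-open-all-ports`, `sg-open-to-world`, `s3-no-encryption`, `s3-public-access-block`) are constructed for the illustration. Intrinsic functions such as `Ref` are left unresolved and not flagged, which is the main gap a production scanner closes.

```python
"""Policy-as-code checks over a JSON CloudFormation template (added example)."""
import json

WEB_PORTS = {80, 443}
WORLD = {"0.0.0.0/0", "::/0"}
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")


def check_security_group(name, props):
    """Flag ingress rules that expose anything other than 80/443 to the internet."""
    findings = []
    ingress = props.get("SecurityGroupIngress", [])
    if not isinstance(ingress, list):
        return findings  # whole ingress block is an intrinsic function; cannot evaluate statically
    for rule in ingress:
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if not isinstance(cidr, str) or cidr not in WORLD:
            continue  # Ref/Fn::* values are left unresolved in this example
        proto = str(rule.get("IpProtocol", "-1"))
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        if proto == "-1" or lo is None or hi is None:
            findings.append((name, "sg-open-all-ports", f"all traffic from {cidr}"))
        elif not (isinstance(lo, (int, str)) and isinstance(hi, (int, str))):
            findings.append((name, "sg-open-to-world", f"{proto}/<unresolved> from {cidr}"))
        elif not (int(lo) == int(hi) and int(lo) in WEB_PORTS):
            findings.append((name, "sg-open-to-world", f"{proto}/{lo}-{hi} from {cidr}"))
    return findings


def check_bucket(name, props):
    """Flag buckets without default encryption or a fully enabled public access block."""
    findings = []
    if "BucketEncryption" not in props:
        findings.append((name, "s3-no-encryption", "no BucketEncryption block"))
    pab = props.get("PublicAccessBlockConfiguration", {})
    # CloudFormation accepts JSON booleans or the strings "true"/"false".
    if not all(pab.get(k) in (True, "true") for k in PAB_KEYS):
        findings.append((name, "s3-public-access-block", "public access block not fully enabled"))
    return findings


CHECKS = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::S3::Bucket": check_bucket,
}


def scan_template(template):
    """Run every registered check over the template's Resources; return sorted findings."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        check = CHECKS.get(resource.get("Type"))
        if check:
            findings.extend(check(name, resource.get("Properties", {})))
    return sorted(findings)


# Constructed template: one compliant and one non-compliant resource of each type.
SAMPLE_TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "public web tier", "VpcId": {"Ref": "VpcId"},
      "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "BastionSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "bastion",
      "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"}]}},
    "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "BucketEncryption": {"ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true,
                                         "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
    "UploadsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": true}}}
  }
}
""")

if __name__ == "__main__":
    for resource, rule, detail in scan_template(SAMPLE_TEMPLATE):
        print(f"{resource}: {rule} ({detail})")
```

Wired into a pipeline as a security gate, a non-empty result from `scan_template` fails the build before `aws cloudformation deploy` runs; the same rule functions can be pointed at the deployed stack's resolved template to catch drift between what was reviewed and what was applied.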
  • APP-004 - Required AWS Services Expertise

    Partner must demonstrate expertise in the following required AWS services:

    • Amazon API Gateway
    • AWS Web Application Firewall (AWS WAF)
    • AWS CodePipeline
    • AWS CodeBuild
    • AWS CodeArtifact
    • AWS Secrets Manager
    • Amazon EventBridge
    • AWS CloudFormation
    • AWS Identity and Access Management (IAM)
    • Amazon Verified Permissions
    • Amazon Cognito
    • Amazon CloudWatch
    • AWS CloudTrail
    • AWS Signer
    • Amazon Elastic Container Registry (Amazon ECR)
    • AWS Security Hub
  • APP-005 - Optional AWS Security Competency ISV Solutions

    Partners leveraging third-party ISV offerings validated in the AWS Security Competency may show proof of partnership in the following use cases. Evidence may include a screenshot of the partner's name listed on the third-party ISV's website or partner portal.

    • Static Code Analysis
    • RASP (Runtime Application Self-Protection)
    • WAAP (Web Application and API Protection)
    • SBOM/Supply Chain Security

Data Protection

Partners must demonstrate advanced data protection capabilities beyond the core requirements.

  • DAT-001 - Data Security

    This section focuses on active data protection. For data backup and recovery, refer to CYR-002: Cyber-Resilient Architecture.

    Partner must demonstrate comprehensive data security capabilities, including:

    • Data Loss Prevention (DLP):
      • DLP policy development and management
      • Data exfiltration prevention
      • Data transfer monitoring
      • Automated response to data policy violations
    • Encryption Management:
      • AWS KMS key management
      • AWS CloudHSM operations
      • Certificate lifecycle management
      • Encryption policy enforcement
    • Sensitive Data Discovery:
      • Amazon Macie integration
      • Sensitive data scanning and classification
      • Data inventory and mapping
      • Risk assessment and reporting
    • Data Access Control:
      • Fine-grained access control implementation
      • Data access monitoring
      • Privileged access management for data
      • Data sharing controls

    Evidence:

    1. Architecture Documentation
      1. Data security architecture
      2. Encryption management design
      3. Data access control framework
    2. Configuration Examples
      1. DLP policy configurations
      2. Encryption implementations
      3. Access control policies
    3. Process Documentation
      1. Data security procedures
      2. Encryption key management processes
      3. Data access review workflows
    4. Demonstration
      1. DLP policy enforcement
      2. Encryption management
      3. Sensitive data discovery
  • DAT-002 - AI/ML Security

    Partner must implement security controls for AI/ML workloads, including:

    • Training Data Protection:
      • Data privacy preservation
      • Data poisoning prevention
      • Training data access controls
      • Data lineage tracking
    • Model Security:
      • Model access control
      • Model integrity protection
      • Version control and audit
      • Secure model deployment
    • AI/ML Output Validation:
      • Output data validation
      • Bias detection
      • Model behavior monitoring
      • Response filtering

    Evidence:

    1. Architecture Documentation
      1. AI/ML security architecture
      2. Model protection design
    2. Configuration Examples
      1. Training data protection controls
      2. Model security configurations
      3. Output validation rules
    3. Process Documentation
      1. AI/ML security procedures
      2. Model deployment security
      3. Output validation workflows
    4. Demonstration
      1. Training data protection
      2. Model security controls
      3. Output validation process
  • DAT-003 - Data Compliance

    Partner must demonstrate data compliance capabilities, including:

    • Data Classification:
      • Automated data classification
      • Classification policy management
      • Data labeling and tagging
      • Classification monitoring and reporting
    • Privacy Controls:
      • Privacy impact assessment
      • Privacy-preserving techniques
      • Data anonymization/pseudonymization
      • Privacy compliance monitoring
    • Regulatory Compliance:
      • Data residency controls
      • Data retention management
      • Compliance reporting
      • Cross-border data transfer controls

    Evidence:

    1. Architecture Documentation
      1. Data compliance architecture
      2. Privacy control framework
    2. Configuration Examples
      1. Data classification rules
      2. Privacy control implementations
      3. Compliance control configurations
    3. Process Documentation
      1. Compliance monitoring procedures
      2. Privacy protection workflows
      3. Regulatory compliance processes
    4. Demonstration
      1. Data classification capabilities
      2. Privacy control enforcement
      3. Compliance reporting
  • DAT-004 - Required AWS Services Expertise

    Partner must demonstrate expertise in the following required AWS services:

    • AWS Key Management Service (AWS KMS)
    • AWS CloudHSM
    • AWS Certificate Manager (ACM)
    • AWS Private Certificate Authority
    • Amazon Macie
    • AWS Identity and Access Management (IAM)
    • Amazon SageMaker
    • Amazon S3
    • AWS Secrets Manager
    • AWS Security Hub
    • Amazon CloudWatch
    • AWS CloudTrail
    • Amazon Security Lake
    • AWS Audit Manager
  • DAT-005 - Optional AWS Security Competency ISV Solutions

    Partners leveraging third-party ISV offerings validated in the AWS Security Competency may show proof of partnership in the following use cases. Evidence may include a screenshot of the partner's name listed on the third-party ISV's website or partner portal.

    • Database Security
    • DLP (Data Loss Prevention)
    • Keys and Secrets Management
    • Malware Analysis
    • Tokenization and Masking
    • DSPM (Data Security Posture Management)
    • AI Data Security

Identity & Access Management

Partners must demonstrate advanced identity and access management capabilities beyond the core requirements. While other categories may include identity-related controls specific to their domains (e.g., application authentication, network access), this category focuses on comprehensive identity governance, privileged access management, and identity security across all AWS services and integrated systems.

  • IAM-001 - Access Management

    Partner must demonstrate comprehensive access management capabilities, including:

    • Identity Governance:
      • Advanced identity policy management and analysis
      • Automated access review and certification
      • Dynamic roles and entitlements management
      • Separation of duties enforcement
    • Authentication Controls:
      • Multi-factor authentication management
      • Authentication policy enforcement
      • Password policy management
      • Authentication standards compliance
    • Authorization Management:
      • Fine-grained permissions management
      • Resource-based policy administration
      • Permission boundary implementation
      • Access policy validation

    Evidence:

    1. Architecture Documentation
      1. Identity and access management architecture
      2. Authentication and authorization design
    2. Configuration Examples
      1. Identity governance policies
      2. Authentication configurations
      3. Authorization policy implementations
    3. Process Documentation
      1. Access management procedures
      2. Authentication control workflows
      3. Authorization review process
    4. Demonstration
      1. Identity governance controls
      2. Authentication mechanisms
      3. Authorization management
  • IAM-002 - Privileged Access

    Partner must implement privileged access management capabilities, including:

    • Privilege Management:
      • Privileged role definition and management
      • Emergency access procedures
      • Break-glass access controls
      • Privileged access review
    • Session Monitoring:
      • Privileged session recording
      • Activity logging and analysis
      • Real-time session monitoring
      • Session termination controls
    • Just-in-Time Access:
      • Temporary access provisioning
      • Time-bound permission management
      • Access request and approval workflows
      • Automated access revocation

    Evidence:

    1. Architecture Documentation
      1. Privileged access management architecture
      2. Session monitoring design
    2. Configuration Examples
      1. Privileged role configurations
      2. Session monitoring setup
      3. Just-in-time access implementations
    3. Process Documentation
      1. Privileged access procedures
      2. Session monitoring workflows
      3. Access request processes
    4. Demonstration
      1. Privileged access controls
      2. Session monitoring capabilities
      3. Just-in-time access workflow
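The "time-bound permission management" and "automated access revocation" items in IAM-002, together with the "access policy validation" item in IAM-001, are illustrated by the added example below (written for this page; it is not AWS code). It builds an IAM policy document whose single Allow statement stops matching once `aws:CurrentTime` reaches the expiry, lints a policy for wildcards, negated Allows and missing expiry, and decides whether a granted policy is now dead weight for a revocation job to detach. The actions, ARN, account ID and timestamps are constructed placeholders.

```python
"""Time-bound (just-in-time) IAM policy generation and linting (added example)."""
from datetime import datetime, timedelta, timezone
import json

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"  # aws:CurrentTime is compared as an ISO 8601 UTC timestamp


def build_jit_policy(actions, resources, expires_at, require_mfa=True):
    """Return a policy document whose Allow statement no longer matches at expires_at."""
    if expires_at.tzinfo is None:
        raise ValueError("expires_at must be timezone-aware")
    condition = {"DateLessThan": {"aws:CurrentTime": expires_at.astimezone(timezone.utc).strftime(TIME_FMT)}}
    if require_mfa:
        condition["Bool"] = {"aws:MultiFactorAuthPresent": "true"}
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "JitElevatedAccess", "Effect": "Allow",
                           "Action": sorted(actions), "Resource": sorted(resources),
                           "Condition": condition}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (sid, rule) findings for Allow statements that defeat least privilege or never expire."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        sid = stmt.get("Sid", f"Statement{i}")
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "allow-with-negation"))
        if any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action", []))):
            findings.append((sid, "wildcard-action"))
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append((sid, "wildcard-resource"))
        if stmt.get("Condition", {}).get("DateLessThan", {}).get("aws:CurrentTime") is None:
            findings.append((sid, "no-expiry"))
    return findings


def is_expired(policy, now):
    """True when every Allow statement's aws:CurrentTime bound has passed and the policy can be detached.

    `now` may be a timezone-aware datetime or an ISO 8601 UTC string in TIME_FMT.
    """
    if isinstance(now, str):
        now = datetime.strptime(now, TIME_FMT).replace(tzinfo=timezone.utc)
    bounds = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        expiry = stmt.get("Condition", {}).get("DateLessThan", {}).get("aws:CurrentTime")
        if expiry is None:
            return False  # an open-ended Allow never expires on its own
        bounds.append(datetime.strptime(expiry, TIME_FMT).replace(tzinfo=timezone.utc))
    return bool(bounds) and now >= max(bounds)


# Constructed scenario: a four-hour grant on one production database, approved at 12:00 UTC.
GRANT_TIME = datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)
EXAMPLE_POLICY = build_jit_policy(
    ["rds:RebootDBInstance", "rds:DescribeDBInstances"],
    ["arn:aws:rds:us-east-1:123456789012:db:orders-prod"],
    GRANT_TIME + timedelta(hours=4))

# Constructed counter-example: a standing break-glass policy with no bound at all.
OVERBROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "BreakGlass", "Effect": "Allow", "Action": "*", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(EXAMPLE_POLICY, indent=2))
    print("lint(example):", lint_policy(EXAMPLE_POLICY))
    print("lint(overbroad):", lint_policy(OVERBROAD_POLICY))
    print("expired at 16:00Z:", is_expired(EXAMPLE_POLICY, "2025-03-01T16:00:00Z"))
```

The condition is what makes the grant safe against a late or failed revocation job: IAM evaluates `aws:CurrentTime` on every request, so the access fails closed at the bound whether or not the policy has been detached yet. Detaching is still required, so that expired grants do not pile up as dormant attachments that a later policy edit could revive.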
  • IAM-003 - Identity Security

    Partner must demonstrate identity security capabilities, including:

    • Identity Threat Detection:
      • Anomalous behavior detection
      • Credential compromise detection
      • Identity-based threat monitoring
      • Access pattern analysis
    • Identity Lifecycle Management:
      • Identity provisioning and deprovisioning
      • Role assignment and revocation
      • Access recertification
      • Identity repository management
    • Federation Management:
      • Identity provider integration and management
      • Federation service configuration
      • Single sign-on implementation
      • Cross-account federation
      • Federation security monitoring
      • Federation access patterns analysis

    Evidence:

    1. Architecture Documentation
      1. Identity security architecture
      2. Federation service design
    2. Configuration Examples
      1. Identity threat detection rules
      2. Lifecycle management configurations
      3. Federation service setup
    3. Process Documentation
      1. Identity security procedures
      2. Lifecycle management workflows
      3. Federation management process
    4. Demonstration
      1. Identity threat detection
      2. Lifecycle management controls
      3. Federation capabilities
  • IAM-004 - Required AWS Services Expertise

    Partner must demonstrate expertise in the following required AWS services:

    • AWS Identity and Access Management (IAM)
    • AWS IAM Identity Center (successor to AWS Single Sign-On)
    • Amazon Cognito
    • AWS Directory Service
    • AWS Organizations
    • Amazon Verified Permissions
    • AWS Resource Access Manager
    • AWS CloudTrail
    • Amazon CloudWatch
    • AWS Security Hub
  • IAM-005 - Optional AWS Security Competency ISV Solutions

    Partners leveraging third-party ISV offerings validated in the AWS Security Competency may show proof of partnership in the following use cases. Evidence may include a screenshot of the partner's name listed on the third-party ISV's website or partner portal.

    • CIEM (Cloud Infrastructure Entitlements Management)
    • PASM (Privileged Account and Session Management)
    • Workforce Identity Management
    • TEAM (Temporary Elevated Access Management)

Incident Response

Partners must demonstrate advanced incident response capabilities beyond the core requirements. These requirements align with NIST SP 800-61 Computer Security Incident Handling Guide.

  • INC-001 - Preparation

    Partner must demonstrate comprehensive incident response preparation capabilities, including:

    • Incident Response Planning:
      • Incident response plan development and maintenance
      • Team structure and roles definition
      • Communication procedures
      • Tools and resources readiness
    • Detection Capabilities:
      • Advanced detection mechanisms
      • Alert correlation frameworks
      • Monitoring strategies
    • Team Readiness:
      • Training and exercises
      • Documentation and procedures
      • External coordination plans

    Evidence:

    1. Architecture Documentation
      1. Incident response tooling architecture
      2. Detection and monitoring infrastructure
      3. Communication systems design
    2. Configuration Examples
      1. Detection tool configurations
      2. Correlation rule implementations
      3. Monitoring system setup
    3. Process Documentation
      1. Incident response plan
      2. Team structure and responsibilities
      3. Communication procedures
      4. Training and exercise programs
    4. Demonstration
      1. IR team activation process
      2. Detection capabilities
      3. Communication workflow
  • INC-002 - Detection and Analysis

    Partner must demonstrate comprehensive detection and analysis capabilities, including:

    • Incident Detection:
      • Recognition of the signs of an incident
      • Advanced analysis of precursors and indicators
      • Incident categorization and prioritization
    • Investigation Techniques:
      • AWS-native forensic data collection
      • Incident scope determination
      • Evidence handling procedures
    • Documentation:
      • Investigation tracking
      • Chain of custody maintenance
      • Incident documentation

    Evidence:

    1. Architecture Documentation
      1. Detection and analysis architecture
      2. Forensics platform design
      3. Evidence handling infrastructure
    2. Configuration Examples
      1. Detection rule configurations
      2. Analysis tool setup
      3. Evidence collection systems
    3. Process Documentation
      1. Detection and analysis procedures
      2. Investigation workflows
      3. Evidence handling protocols
    4. Demonstration
      1. Incident detection process
      2. Analysis capabilities
      3. Evidence handling workflow
  • INC-003 - Containment, Eradication, and Recovery

    Partner must implement comprehensive incident handling capabilities, including:

    • Containment Strategy:
      • Short-term containment
      • System backup
      • Long-term containment
    • Eradication:
      • Threat removal
      • Root cause identification
      • Prevention of similar incidents
    • Recovery:
      • System restoration
      • Service validation
      • Monitoring for incident recurrence

    Evidence:

    1. Architecture Documentation
      1. Containment architecture
      2. Recovery infrastructure design
      3. Monitoring systems
    2. Configuration Examples
      1. Containment mechanisms
      2. Recovery tool configurations
      3. Monitoring setup
    3. Process Documentation
      1. Containment procedures
      2. Eradication workflows
      3. Recovery processes
    4. Demonstration
      1. Containment capabilities
      2. Eradication procedures
      3. Recovery workflow
  • INC-004 - Post-Incident Activity

    Partner must demonstrate post-incident capabilities, including:

    • Lessons Learned:
      • Incident documentation review
      • Root cause analysis
      • Process improvement identification
    • Metrics:
      • Response time measurement
      • Impact assessment
      • Cost analysis
    • Updates:
      • Policy and procedure updates
      • Training material updates
      • Detection and response improvement

    Evidence:

    1. Architecture Documentation
      1. Metrics collection architecture
      2. Analysis platform design
      3. Documentation systems
    2. Configuration Examples
      1. Metrics collection setup
      2. Analysis tool configurations
      3. Documentation system implementation
    3. Process Documentation
      1. Lessons learned procedures
      2. Metrics analysis workflows
      3. Update processes
    4. Demonstration
      1. Post-incident analysis process
      2. Metrics reporting capabilities
      3. Improvement implementation
  • INC-005 - Required AWS Services Expertise

    Partner must demonstrate expertise in the following required AWS services:

    • AWS Security Incident Response
    • AWS Security Hub
    • Amazon Detective
    • Amazon GuardDuty
    • Amazon Security Lake
    • AWS CloudTrail
    • Amazon EventBridge
    • AWS Systems Manager Incident Manager
    • Amazon CloudWatch
    • AWS Lambda
    • Amazon OpenSearch Service
    • Amazon S3
  • INC-006 - Optional AWS Security Competency ISV Solutions

    Partners leveraging third-party ISV offerings validated in the AWS Security Competency may show proof of partnership in the following use cases. Evidence may include a screenshot of the partner's name listed on the third-party ISV's website or partner portal.

    • SIEM (Security Information and Event Management)
    • SOAR (Security Orchestration, Automation, and Response)
    • XDR (Extended Detection and Response)
    • Network Detection and Response
    • MDR (Managed Detection and Response)

Cyber Recovery

While other categories may cover aspects of security that contribute to cyber resilience, this category focuses specifically on the planning, architecture, and execution of recovery from cyber incidents, with an emphasis on maintaining business continuity in the face of sophisticated cyber attacks.

This category complements the Incident Response category but serves a distinct purpose. While Incident Response focuses on immediate detection, investigation, and containment of security incidents, Cyber Recovery addresses the strategic planning, infrastructure design, and operational procedures needed to fully recover business operations following a major cyber incident.

  • CYR-001 - Cyber Recovery Planning

    Partner must demonstrate comprehensive cyber recovery planning capabilities, including:

    • Cyber Incident Recovery Strategies:
      • Recovery strategy development
      • Recovery prioritization framework
      • Cross-functional recovery coordination
      • Recovery automation planning
    • Critical Data and System Identification:
      • Business impact analysis
      • Critical asset inventory
      • Dependency mapping
      • Recovery sequence determination
    • Recovery Objectives Management:
      • RTO/RPO definition for cyber incidents
      • Recovery objective validation
      • Continuous improvement of recovery objectives
      • Recovery objective reporting and monitoring

    Evidence:

    1. Architecture Documentation
      1. Cyber recovery architecture
      2. Critical systems and data flow diagrams
    2. Configuration Examples
      1. Recovery automation configurations
      2. Critical asset inventory setup
    3. Process Documentation
      1. Recovery strategy documentation
      2. Critical asset identification procedures
      3. RTO/RPO management process
    4. Demonstration
      1. Recovery strategy execution
      2. Critical asset identification and prioritization
      3. RTO/RPO management and reporting
  • CYR-002 - Cyber-Resilient Architecture

    Partner must implement cyber-resilient architecture capabilities, including:

    • Immutable Backups:
      • Immutable storage configuration
      • Backup integrity verification
      • Retention policy management
      • Secure backup access controls
    • Air-Gapped Recovery Environments:
      • Logical air gap implementation
      • Physical air gap management (if applicable)
      • Secure data transfer mechanisms
      • Air gap effectiveness testing
    • Data Integrity Validation:
      • Backup data validation processes
      • Recovery point integrity checks
      • Data corruption detection
      • Automated integrity monitoring

    Evidence:

    1. Architecture Documentation
      1. Immutable backup architecture
      2. Air-gapped environment design
      3. Data integrity validation framework
    2. Configuration Examples
      1. Immutable storage configurations
      2. Air gap implementation setup
      3. Data integrity check configurations
    3. Process Documentation
      1. Immutable backup management procedures
      2. Air-gapped environment access protocols
      3. Data integrity validation workflows
    4. Demonstration
      1. Immutable backup creation and restoration
      2. Air-gapped environment operation
      3. Data integrity validation process
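    The checklist asks for "immutable storage configurations" and "air gap implementation setup" as evidence without saying what such a configuration looks like. The following CloudFormation template is an added example written for this page, not AWS's or any partner's submitted evidence. It locks an AWS Backup vault in compliance mode (once the ChangeableForDays window closes the lock cannot be removed, and recovery points cannot be deleted before MinRetentionDays by any principal, including the account root), denies recovery-point deletion in the vault access policy, copies every backup to a second vault supplied as a parameter (assumed to exist already, for instance a vault in a separate recovery account or a logically air-gapped vault), creates an S3 bucket with Object Lock in COMPLIANCE mode for exported data, and raises an alert when a backup or copy job fails. The vault and bucket names, the RecoveryTier tag, the retention numbers and both parameters are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example (not from the checklist) of locked, copied, monitored backups

Parameters:
  AirGapVaultArn:
    Type: String
    Description: Destination vault for the off-account copy (assumed to exist)
  AlertEmail:
    Type: String
    Description: Recipient for failed backup/copy job alerts

Resources:
  # Compliance-mode Vault Lock: ChangeableForDays (minimum 3) is the only
  # window in which the lock can be altered or removed; afterwards it is final.
  PrimaryVault:
    Type: AWS::Backup::BackupVault
    Properties:
      BackupVaultName: cyr-immutable-primary          # assumed name
      LockConfiguration:
        MinRetentionDays: 35
        MaxRetentionDays: 400
        ChangeableForDays: 3
      AccessPolicy:                                   # defence in depth next to the lock
        Version: '2012-10-17'
        Statement:
          - Sid: DenyRecoveryPointDeletion
            Effect: Deny
            Principal: '*'
            Action:
              - backup:DeleteRecoveryPoint
              - backup:UpdateRecoveryPointLifecycle
              - backup:PutBackupVaultAccessPolicy
              - backup:DeleteBackupVaultAccessPolicy
            Resource: '*'

  BackupRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: { Service: backup.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup
        - arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores

  # Daily backup; every recovery point is also copied to the air-gap vault.
  # DeleteAfterDays must sit inside the vault lock's Min/Max retention range.
  DailyPlan:
    Type: AWS::Backup::BackupPlan
    Properties:
      BackupPlan:
        BackupPlanName: cyr-daily
        BackupPlanRule:
          - RuleName: daily-with-airgap-copy
            TargetBackupVault: !Ref PrimaryVault
            ScheduleExpression: cron(0 3 * * ? *)
            StartWindowMinutes: 60
            CompletionWindowMinutes: 720
            Lifecycle:
              DeleteAfterDays: 90
            CopyActions:
              - DestinationBackupVaultArn: !Ref AirGapVaultArn
                Lifecycle:
                  DeleteAfterDays: 365

  # Select critical assets by tag (ties the plan to the CYR-001 asset inventory).
  Tier0Selection:
    Type: AWS::Backup::BackupSelection
    Properties:
      BackupPlanId: !Ref DailyPlan
      BackupSelection:
        SelectionName: tier-0-by-tag
        IamRoleArn: !GetAtt BackupRole.Arn
        ListOfTags:
          - ConditionType: STRINGEQUALS
            ConditionKey: RecoveryTier                  # assumed tag key
            ConditionValue: tier-0

  # Object Lock in COMPLIANCE mode: versions cannot be deleted or overwritten
  # for the retention period, by any user, and the mode cannot be downgraded.
  ImmutableExportBucket:
    Type: AWS::S3::Bucket
    Properties:
      ObjectLockEnabled: true
      VersioningConfiguration: { Status: Enabled }
      ObjectLockConfiguration:
        ObjectLockEnabled: Enabled
        Rule:
          DefaultRetention: { Mode: COMPLIANCE, Days: 90 }
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault: { SSEAlgorithm: aws:kms }

  # Automated monitoring: a backup or copy job that does not complete is a
  # silent gap in the recovery point chain, so it must page someone.
  AlertTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - { Protocol: email, Endpoint: !Ref AlertEmail }
  AlertTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics: [ !Ref AlertTopic ]
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: { Service: events.amazonaws.com }
            Action: sns:Publish
            Resource: !Ref AlertTopic
  FailedJobRule:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source: [ aws.backup ]
        detail-type: [ Backup Job State Change, Copy Job State Change ]
        detail:
          state: [ FAILED, EXPIRED, ABORTED ]
      Targets:
        - { Arn: !Ref AlertTopic, Id: backup-alerts }
```

    Two caveats a validator will probe for: a compliance-mode Vault Lock and COMPLIANCE-mode Object Lock are irreversible for the retention period, so retention values must be agreed with the customer before deployment, and a copy to a second vault is only a logical air gap if the recovery account's IAM principals and KMS keys are administered separately from the production account. Immutability alone does not satisfy the "backup integrity verification" item; it should be paired with scheduled restore tests, which AWS Backup restore testing plans can automate.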
  • CYR-003 - Ransomware Recovery

    Partner must demonstrate ransomware recovery capabilities, including:

    • Recovery Preparation:
      • Ransomware-resistant backup strategies
      • Secure, isolated recovery environment preparation
      • Recovery prioritization for ransomware scenarios
      • Pre-recovery malware scanning procedures
    • Recovery Execution:
      • Clean environment restoration procedures
      • Data recovery from immutable backups
      • Staged recovery to prevent re-infection
      • Secure data restoration workflows
    • Post-Recovery Validation:
      • System and data integrity verification
      • Security posture validation post-recovery
      • Business service restoration confirmation
      • Post-recovery threat hunting

    Evidence:

    1. Architecture Documentation
      1. Ransomware recovery architecture
      2. Secure backup and recovery environment design
    2. Configuration Examples
      1. Immutable backup configurations
      2. Recovery environment setup
      3. Post-recovery validation tools
    3. Process Documentation
      1. Ransomware recovery playbooks
      2. Data restoration procedures
      3. Post-recovery validation workflows
    4. Demonstration
      1. Ransomware recovery simulation
      2. Data restoration from immutable backups
      3. Post-recovery security validation
  • CYR-004 - Cyber Incident Simulation

    Partner must implement cyber incident simulation capabilities, including:

    • Tabletop Exercises for Cyber Scenarios:
      • Scenario development and planning
      • Cross-functional participation coordination
      • Exercise facilitation
      • Decision-making assessment
    • Technical Cyber Recovery Drills:
      • Recovery environment setup
      • Technical recovery execution
      • Performance measurement
      • System and data validation post-recovery
    • Lessons Learned and Improvement Processes:
      • After-action review facilitation
      • Improvement opportunity identification
      • Remediation planning
      • Continuous improvement implementation

    Evidence:

    1. Architecture Documentation
      1. Simulation environment architecture
      2. Recovery drill infrastructure design
    2. Configuration Examples
      1. Tabletop exercise setups
      2. Technical drill configurations
    3. Process Documentation
      1. Exercise and drill planning procedures
      2. Simulation execution workflows
      3. Lessons learned processes
    4. Demonstration
      1. Tabletop exercise execution
      2. Technical recovery drill
      3. Improvement process implementation
  • CYR-005 - Required AWS Services Expertise

    Partner must demonstrate expertise in the following required AWS services:

    • AWS Backup
    • Amazon S3
    • Amazon S3 Glacier
    • AWS CloudFormation
    • Amazon EventBridge
    • AWS Lambda
    • Amazon CloudWatch
    • AWS Identity and Access Management (IAM)
    • AWS CloudTrail
    • Amazon VPC
    • AWS Elastic Disaster Recovery (AWS DRS)
    • AWS Storage Gateway
    • AWS Outposts
    • AWS Snowball Edge
  • CYR-006 - Optional AWS Security Competency ISV Solutions

    While there are no specific AWS Security Competency ISV Partner use cases for cyber recovery, partners may demonstrate integration with relevant capabilities from ISV solutions that have achieved the AWS Security Competency, particularly in areas such as data protection and threat detection. Partners should provide evidence of formal relationships with these ISVs, such as a screenshot of the partner's name listed on the ISV's website or partner portal. Relevant capabilities may include, but are not limited to:

    • Backup and disaster recovery solutions
    • Data protection and encryption tools
    • Threat detection and response platforms that support recovery scenarios
    • Immutable storage solutions
    • Air-gap and secure enclave technologies

Common AWS Partner Practice Requirements

The following requirements validate the mechanisms and organizational practices in place to ensure the AWS Partner is able to consistently deliver high-quality customer outcomes for AWS projects. This section of the requirements is WAIVED if the associated offering has an approved Service Offering Foundational Technical Review OR if the AWS Partner has achieved another AWS Services Competency within the last 12 months.

Managed Security Service Provider Practice Overview

  • POV-001 - Customer Presentation

    AWS Partner has a company overview presentation that sets the stage for customer conversations about their AWS Managed Security Service Provider capabilities and showcases AWS Partner’s demonstration capabilities.

    Presentation contains information about the AWS Partner’s AWS Managed Security Service Provider capabilities, including AWS specific differentiators, e.g., what is unique about the AWS Partner’s practice that can only be accomplished leveraging AWS.

    Overview presentations contain:

    • Company history
    • Office locations
    • Number of employees
    • Customer profile, including number, size, and industries of customers
    • Overview of Managed Security Service Provider practice
    • Notable AWS projects

    Please provide the following as evidence:

    • Delivery of presentation by a business development executive at the beginning of the validation session. This should be limited to 15 minutes.
  • POV-002 - Maintaining AWS Expertise

    AWS Partner has internal mechanisms for maintaining their consultants' expertise on Managed Security Service Provider-related AWS services and tools.

    Please provide the following as evidence:

    • List of internal and/or external AWS-focused education events led by AWS Partner staff (e.g., formal training, lunch and learns, meetups, user groups, etc.) in the last 12 months.
    • Resources provided by AWS Partner to staff for ongoing AWS skills development
  • POV-003 - AWS Partner Solution Selling

    AWS Partner must describe how Managed Security Service Provider opportunities are identified, how their sellers are trained to identify and sell those opportunities, and the specific demand generation/lead generation efforts associated with their AWS Managed Security Service Provider practice.

    Please provide the following as evidence:

    • A description of how the AWS Partner engages with customers, their internal sellers, and AWS sellers, if applicable.
  • POV-004 - AWS Sales Engagement

    AWS Partner must describe how and when they engage with AWS sellers and AWS Solutions Architects.

    Please provide the following as evidence:

    • A verbal description of how and when they engage AWS sellers or AWS Solutions Architects on an opportunity, or a demonstration of the AWS Opportunity Management tool in AWS Partner Central with sales-qualified opportunities submitted (sales-qualified = budget, authority, need, timeline, and competition fields completed).
  • POV-005 - Training for Internal Personnel

    AWS Partner must have a process to ensure that there are sufficient Managed Security Service Provider trained personnel to effectively support customers.

    Please provide the following as evidence:

    • An established training plan including on-boarding processes that identify job roles (sellers, solutions architects, project managers) and required training paths
    • A verbal description of methods used to allocate required resources to Managed Security Service Provider projects

AWS Partner Delivery Model

  • PRJ-001 - Expected Outcomes

    AWS Partner has processes for working with customers to determine and define expected outcomes associated with the projects.

    Please provide the following as evidence:

    • Project deliverable templates or other resources used for project scoping and definition
  • PRJ-002 - Scope

    AWS Partner has processes to determine scope of work with specific criteria defining customer project with expected deliverables.

    Please provide the following as evidence:

    • Project templates or other resources (e.g., RACI matrix) used for project scoping and definition
  • PRJ-003 - Statement of Work

    AWS Partner has standard Statement of Work (SOW) templates for Managed Security Service Provider projects that can be customized to customer needs.

    Please provide the following as evidence:

    • Default SOW template
  • PRJ-004 - Project Manager

    AWS Partner assigns a Project Manager to each project to ensure the project remains on time and within budget.

    Please provide the following as evidence:

    • Documentation to show that Project Managers were assigned to each of the 4 customer example projects.
  • PRJ-005 - Change Management

    AWS Partner has processes to document, manage, and respond to requests for changes to the project scope.

    Please provide the following as evidence:

    • Documentation of change management practices

Customer Satisfaction

  • CSN-001 - Customer Acceptance for Projects

    AWS Partner has a customer acceptance process.

    Please provide the following as evidence:

    • Example customer training documents
    • SOW language describing handoff responsibilities and acceptance criteria
  • CSN-002 - Customer Satisfaction Aligned to Project Milestones

    AWS Partner implements customer satisfaction checkpoints as part of the project plan.

    Please provide the following as evidence:

    • Project plan and customer satisfaction results for milestone-defined checkpoints

Resources