2023 PiTuKri ISAE 3000 Type II attestation report available with 171 services in scope
Amazon Web Services (AWS) is pleased to announce the issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) International Standard on Assurance Engagements (ISAE) 3000 Type II attestation report. The scope of the report covers a total of 171 services and 29 global AWS Regions.
<p>The <a href="https://www.traficom.fi/en/etusivu" target="_blank" rel="noopener">Finnish Transport and Communications Agency (Traficom)</a> Cyber Security Centre published PiTuKri, which consists of 52 criteria that provide guidance when assessing the security of cloud service providers. The criteria are organized into the following 11 subdivisions:</p>
<ul>
<li>Framework conditions</li>
<li>Security management</li>
<li>Personnel security</li>
<li>Physical security</li>
<li>Communications security</li>
<li>Identity and access management</li>
<li>Information system security</li>
<li>Encryption</li>
<li>Operations security</li>
<li>Transferability and compatibility</li>
<li>Change management and system development</li>
</ul>
<p>The report includes 17 additional services in scope, for a total of 171 services. See the full list on our <a href="https://aws.amazon.com/compliance/services-in-scope/PiTuKri/" target="_blank" rel="noopener">Services in Scope by Compliance Program</a> page.</p>
<p>The following are the 17 additional services now in scope for the 2023 Pitukri report:</p>
<p>Five additional AWS Regions have been added to the scope, for a total of 29 Regions. The following are the five additional Regions now in scope:</p>
<ul>
<li>Australia: Asia Pacific (Melbourne) (<span>ap-southeast-4</span>)</li>
<li>India: Asia Pacific (Hyderabad) (<span>ap-south-2</span>)</li>
<li>Spain: Europe (Spain) (<span>eu-south-2</span>)</li>
<li>Switzerland: Europe (Zurich) (<span>eu-central-2</span>)</li>
<li>United Arab Emirates: Middle East (UAE) (<span>me-central-1</span>)</li>
</ul>
<p>The latest report covers the period from October 1, 2022, to September 30, 2023. An independent third-party audit firm issued the report to assure customers that the AWS control environment is appropriately designed and implemented for support of adherence with PiTuKri requirements. This attestation demonstrates the AWS commitment to meet security expectations for cloud service providers set by <a href="https://www.traficom.fi/en/etusivu" target="_blank" rel="noopener">Traficom</a>. </p>
<p>Customers can find the full PiTuKri ISAE 3000 report on <a href="https://aws.amazon.com/artifact/" target="_blank" rel="noopener">AWS Artifact</a>. To learn more about the complete list of certified services and Regions, see <a href="https://aws.amazon.com/compliance/pitukri/" target="_blank" rel="noopener">AWS Compliance Programs</a> and <a href="https://aws.amazon.com/compliance/services-in-scope/PiTuKri/" target="_blank" rel="noopener">AWS Services in Scope</a> for PiTuKri.</p>
<p>AWS strives to continuously bring new services into the scope of its compliance programs to help you meet your architectural and regulatory needs. Contact your AWS account team for questions about the PiTuKri report.</p>
<p> <br>If you have feedback about this post, submit comments in the<strong> Comments</strong> section below. If you have questions about this post, <a href="https://console.aws.amazon.com/support/home" target="_blank" rel="noopener noreferrer">contact AWS Support</a>.</p>
<p><strong>Want more AWS Security news? Follow us on <a title="Twitter" href="https://twitter.com/AWSsecurityinfo" target="_blank" rel="noopener noreferrer">Twitter</a>.</strong></p>
<!-- '"` -->