Security
When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared responsibility model
Security Controls and Compliance
MDAA implements multiple security controls and compliance measures:
-
Compliance with multiple AWS CDK Nag rulesets:
-
AWS Solutions ruleset
-
NIST 800-53 Rev 5 ruleset
-
HIPAA ruleset
-
Adherence to ITSG-33 PBMM Security Control Requirements
-
Implementation of security best practices across all deployed resources
Encryption
MDAA enforces comprehensive encryption measures:
-
Ubiquitous encryption at rest for all data storage components
-
Mandatory encryption in transit for all data transfers
-
Integration with AWS KMS for key management
Access Control
The solution implements the principle of least privilege:
-
Least-privileged permissions by default for all deployed resources
-
Role-based access control (RBAC) implementation
-
Secure self-service deployments through AWS Service Catalog (optional)
Governance Controls
MDAA provides several governance mechanisms:
-
AWS CloudFormation as the single deployment mechanism through CDK
-
Consistent resource naming conventions across all deployments
-
Standardized tagging strategy for all generated resources
-
Centralized change management through Infrastructure as Code
Resource Management
Security is enforced through:
-
Consistent deployment patterns across all MDAA modules
-
Standardized SSM parameter publication for secure resource reference
-
Compliant resource configurations by default
Monitoring and Metrics
The solution includes:
-
Anonymous operational metrics collection (with opt-out capability)
-
Integration with AWS native security monitoring services
-
Compliance validation capabilities
