Customer Security Risk Management process - AMS Advanced User Guide

Customer Security Risk Management process

The AMS Advanced Customer Security Risk Management (CSRM) process helps to clearly identify and communicate risks to the right owners. This process minimizes the security risks in your environment and reduces ongoing operational overhead for identified risks.

By default, when someone from your organization requests that AMS implement a change to your managed environment, AMS reviews the change to determine if the request falls outside of the technical standards, which might alter the security posture of your account. If there is a high or very high security risk, then your authorized security personnel accept or reject the change review. Requested changes are also evaluated for adverse effects on AMS's ability to operate the account. If the review finds possible adverse impacts, then additional reviews and approvals are required within AMS.

Risk acceptance validity and review

Risk acceptances are valid for one year from the date of approval. If a previously accepted risk scenario arises again after one year, the risk acceptance must be reviewed and re-approved before it can be applied. This annual review ensures that risk decisions remain aligned with current technical standards, regulatory requirements, and your organization's evolving risk profile.

Opt-out

You can opt out of the approval-based workflow in the CSRM process for high or very high risks. To change the CSRM option for specific accounts from Standard CSRM to Notification Only, work with your Cloud Service Delivery Managers to create a one-time risk acceptance. If you choose to proceed with the Notification Only option, then AMS implements the requested changes regardless of the risk category and sends a risk notification to your authorized risk approvers instead of seeking approval before implementing the change.

Speak with your Cloud Architects or Cloud Service Delivery Managers for more information about the AMS CSRM process, how to change the default CSRM option when onboarding new AMS accounts, or how to update existing accounts.

Note

AMS strongly recommends that you use the default option of Standard CSRM in all of your accounts.