Compliance validation for AWS End User Messaging SMS

To learn whether an AWS service is within the scope of specific compliance programs, see AWS services in Scope by Compliance Program and choose the compliance program that you are interested in. For general information, see AWS Compliance Programs.

You can download third-party audit reports using AWS Artifact. For more information, see Downloading Reports in AWS Artifact.

Your compliance responsibility when using AWS services is determined by the sensitivity of your data, your company's compliance objectives, and applicable laws and regulations. For more information about your compliance responsibility when using AWS services, see AWS Security Documentation.

Security Assurance Program Considerations for SMS

The AWS End User Messaging capabilities are eligible for the security assurance programs list in Compliance Resources. This means that it is possible to build compliant solutions using SMS. For customers to build compliant solutions, they should consult their own security teams.

When dealing with sensitive data in SMS messages, it's crucial to follow relevant regulations and industry standards. While AWS provides robust security measures within our cloud environment, the responsibility for protecting data is shared with you, our customer. This shared responsibility model ensures that you have the flexibility to build solutions tailored to your specific needs, even when data leaves the AWS boundary.

While AWS End User Messaging SMS encrypts all data at rest and in transit, the final channel, such as SMS, may not be encrypted, and customers should configure any channel in a manner consistent with their requirements.