Support for specific regions and industries

The latest sample configuration from Landing Zone Accelerator on AWS (LZA), called the LZA Universal Configuration, was developed from years of experience in delivering landing zones for highly regulated customers across the world. It is designed to accelerate the deployment of a multi-account AWS environment and blends security best practices with Well-Architected principles, with built-in alignment to leading compliance frameworks. The automated deployment of the Universal Configuration can save hundreds of hours in planning, while still establishing a foundation for long-term security and governance best practices.

Landing Zone Accelerator on AWS provisions a multi-account architecture and integration with native AWS security, identity, and compliance services. The security capabilities provisioned by the LZA Universal Configuration, ranging from data perimeter controls through networking, account segmentation and security architecture design, map across technical requirements from well-known frameworks that establish a path for achieving security compliance outcomes faster than doing so manually. The customizations layer of LZA offers the ability to extend governance capabilities that go beyond the native LZA engine and tailor settings to address granular control requirements.

The LZA Universal Configuration sample is accompanied by the LZA Compliance Workbook, built to provide a transparent view of the security control capabilities deployed with LZA through the lens of multiple global compliance frameworks. After signing in to your AWS account, you can access the workbook directly or by navigating to AWS Artifact and searching “LZA Compliance Workbook” in the reports search function. The workbook is attached to a PDF cover page that must be downloaded first and then opened using a compatible PDF viewer (Adobe is recommended).

The LZA Universal Configuration was designed in coordination with AWS teams representing customers from different regions and industries around the world, producing actionable compliance mapping content and local implementation guidance. The list of supported frameworks will continue to grow in the coming months and years. Today, the LZA Universal Configuration offers compliance mapping coverage or use case guidance for the following regional and industry implementations:

Federal Risk and Authorization Management Program (FedRAMP Moderate; High)

Cybersecurity Maturity Model Certification (CMMC)

NIST SP 800-171r2

Germany’s Cloud Computing Compliance Criteria Catalogue (C5)

International Standards Organisation ISO/IEC 27001

Health Insurance Portability and Accountability Act (HIPAA)

The LZA Universal Configuration helps establish infrastructure readiness with security, compliance, and operational capabilities. It is important to note that the LZA solution will not, by itself, make your workload compliant, which is determined by customers and their compliance stakeholders. It provides the foundational infrastructure from which additional complementary solutions can be integrated.

You must review, evaluate, assess, and approve the solution in compliance with your organization’s particular security features, tools, and configurations. It is the sole responsibility of you and your organization to determine which regulatory requirements are applicable and to make sure that you comply with all requirements. This solution does not help you comply with the non-technical administrative requirements.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

External pipeline deployment

Deploy the solution