AI Market Logo
Login Sign Up
BTC $43,552.88 -0.46%
ETH $2,637.32 +1.23%
BNB $312.45 +0.87%
SOL $92.40 +1.16%
XRP $0.5234 -0.32%
ADA $0.8004 +3.54%
AVAX $32.11 +1.93%
DOT $19.37 -1.45%
MATIC $0.8923 +2.67%
LINK $14.56 +0.94%
HAIA $0.1250 +2.15%
BTC $43,552.88 -0.46%
ETH $2,637.32 +1.23%
BNB $312.45 +0.87%
SOL $92.40 +1.16%
XRP $0.5234 -0.32%
ADA $0.8004 +3.54%
AVAX $32.11 +1.93%
DOT $19.37 -1.45%
MATIC $0.8923 +2.67%
LINK $14.56 +0.94%
HAIA $0.1250 +2.15%

Product Compliance

1. Executive Summary

Report Period: January 1, 2023 – September 30, 2023

AWS Account ID: 062961893548

AWS Account Name: hashcashconsultants

Report Prepared By: Pritam Roy

Date of Report Preparation: September 22, 2023

2. Scope and Objectives

Scope of Examination

This compliance report covers the examination of controls related to AWS service use in the US West (N. California) Main Region (most services), Europe (Ireland) & Asia Pacific (Tokyo) (specific EC2 instances), and US East (N. Virginia) (SES and SNS).

Objectives

The objectives of this report are to evaluate the effectiveness of controls related to security, availability, processing integrity, confidentiality, and privacy.

3. AWS Services in Scope

AWS Services in Scope:

  • AWS EC2
  • AWS S3
  • AWS IAM (Identity and Access Management)
  • AWS VPC (Virtual Private Cloud)
  • AWS VPN (Virtual Private Network)
  • AWS NACL (Network Access Control Lists)
  • AWS Security Groups
  • AWS KMS (Key Management Service)
  • AWS SES (Simple Email Service)
  • AWS SNS (Simple Notification Service)
  • AWS Secrets Manager
  • AWS Security Hub
  • AWS WAF & Shield
  • AWS Macie
  • AWS SSM (Systems Manager)
  • AWS Route 53
  • AWS SQS (Simple Queue Service)
  • AWS IAM Roles & Policies
  • AWS MFA (Multi-Factor Authentication)
  • AWS CloudWatch
  • AWS CloudTrail
  • AWS VPC Flow Logs

Regions:

  • US West (N. California) Main Region: Utilized for most AWS services.
  • Europe (Ireland) & Asia Pacific (Tokyo): Used for specific EC2 instances.
  • US East (N. Virginia): Utilized for SES and SNS.

AWS Services Overview:

AWS EC2 (Elastic Compute Cloud)

AWS EC2 provides resizable compute capacity in the cloud, allowing organizations to run virtual servers, known as instances, for various computing workloads.

AWS S3 (Simple Storage Service)

AWS S3 offers scalable and highly durable object storage. It is used for storing and retrieving data, making it suitable for backups, data archiving, and serving static website content.

AWS IAM (Identity and Access Management)

AWS IAM is a service for managing user access to AWS resources. It allows organizations to control who can access their AWS accounts and resources and what actions they can perform.

AWS VPC (Virtual Private Cloud)

AWS VPC enables organizations to create isolated network environments within the AWS cloud. It provides control over IP addressing, routing, and network connectivity, allowing for secure and private network configurations.

AWS VPN (Virtual Private Network)

AWS VPN allows secure communication between on-premises data centers or remote offices and AWS resources over encrypted connections, enhancing network security.

AWS KMS (Key Management Service)

AWS KMS is a managed service for creating and controlling encryption keys. It helps organizations protect their data by enabling encryption of stored data and data in transit.

AWS Security Hub

AWS Security Hub provides a comprehensive view of security alerts and compliance status across an AWS environment. It helps organizations identify and remediate security vulnerabilities.

AWS CloudWatch

AWS CloudWatch is a monitoring and observability service that collects and tracks metrics, collects and monitors log files, and sets alarms. It helps organizations gain insights into AWS resources and applications.

4. Infrastructure Overview

Our AWS infrastructure is designed to ensure security, availability, and data protection. It comprises multiple data centres across the Mumbai Main Region, Singapore (specifically for some EC2 services), and North Virginia (for SES and SNS). Key aspects of our infrastructure include:

Network Architecture

We utilize Amazon Virtual Private Cloud (VPC) to create isolated network environments. VPC peering and VPNs are employed for secure communication.

Data Centres

Our data centres are distributed to enhance availability and disaster recovery capabilities. Redundancy and failover mechanisms are implemented.

Security Measures

Security groups, Network Access Control Lists (NACLs), and AWS WAF & Shield protect against unauthorized access and DDoS attacks. Key management is handled through AWS Key Management Service (KMS).

5. Control Objectives

Our control objectives encompass various aspects of security, availability, data protection, and compliance for the AWS services within scope:

Security

Ensure that all AWS resources are securely configured and monitored for any suspicious activity.

Availability

Maintain high availability by employing redundancy and failover mechanisms.

Data Protection

Safeguard sensitive data through encryption, access controls, and regular backups.

Compliance

Adhere to industry-specific compliance requirements and best practices.

6. Control Activities

We have implemented the following control activities and policies for each control objective:

Security

Regularly review and update security group rules and NACL configurations. Conduct security audits and vulnerability assessments.

Availability

Utilize AWS Auto Scaling for dynamic resource provisioning. Implement Elastic Load Balancers (ELBs) for distributing traffic.

Data Protection

Enforce encryption-at-rest and in-transit using AWS KMS and SSL/TLS. Data is backed up to Amazon S3 with versioning enabled.

Compliance

Periodically review AWS compliance reports and ensure our environment aligns with relevant compliance standards.

7. Control Testing

Control testing was conducted using a combination of automated tools and manual assessments. Methodologies included vulnerability scanning, penetration testing, and reviewing AWS CloudTrail logs.

Sampling was performed on a representative subset of AWS resources. Test results indicated that controls were effectively configured and monitored.

8. Control Effectiveness

Controls were evaluated for their effectiveness in mitigating risks. Results showed that controls are achieving their intended objectives and providing a robust security posture.

9. Control Exceptions

No control exceptions were identified during testing. All controls were found to be in compliance with defined policies.

10. Conclusion

In conclusion, our AWS infrastructure demonstrates a strong commitment to security, availability, data protection, and compliance. Control testing indicates that our controls are robust and effective.

Compliance Contact

For questions about our AWS infrastructure compliance or security measures, please contact our compliance team.

Email: user-support@crypto-market.ai