Pinakes

FAQs

• How can I access AWS’ Pinakes report?

  The full evaluation report will be published on AWS Artifact. Pinakes participants who are AWS customers can contact their AWS account manager to request access to it. 

• Which AWS services are covered by the Pinakes qualification?

  The AWS services that are in scope for Pinakes can be found on the AWS Services in Scope by Compliance Program page. If you would like to learn more about using these services and/or have interest in other services please contact us. 

• Which AWS Regions are covered by the Pinakes qualification?

  The Pinakes assessment covers 31 AWS Regions worldwide, including the Europe (Spain) Region. The detailed AWS Regions list is available in the report. 

• How does Pinakes validate AWS controls?

  AWS engaged an independent auditing firm that is qualified to perform a Pinakes assessment. The Pinakes framework currently contains 1,315 requirements under 14 domains in its version 1.0:

  • Information Security Management Program
  • Facility Security
  • Third Party Management
  • Normative Compliance
  • Network Controls
  • Access Control
  • Incident Management
  • Encryption
  • Secure Development
  • Monitoring
  • Malware Protection
  • Resilience
  • Systems Operation
  • Staff Safety

  Each requirement is linked to a different security level, rated from the highest “A+” (outstanding) to the lowest “D” (basic). AWS provided demonstrated evidence for more than 1,000 controls including strength, coverage, and timeliness assertions through a detailed assessment.
  

• How often is AWS Pinakes assessment updated?

  AWS’ Pinakes assessment and evidence validation are updated annually.