All news in category "Regulation and Policy Brief"

AWS Guide Updated for Australian Financial Regulations

🛡️ AWS published an updated AWS User Guide to Financial Services Regulations and Guidelines in Australia to reflect APRA’s Prudential Standard CPS 230 Operational Risk Management, effective 1 July 2025, and APRA’s February 2025 rescission of its 2018 cloud outsourcing information paper. The whitepaper is intended for APRA‑regulated institutions and is particularly useful for leadership, governance, security, risk, and compliance teams seeking to run workloads on AWS. It summarizes APRA expectations on operational risk management and information security and provides materials to begin due diligence and implement appropriate programs within a shared responsibility model. AWS will continue to publish updates through its Security Blog and Compliance resources and encourages customers to engage their AWS account managers for assistance.

CLOUD Act Explained: Provider Obligations and Protections

🔒 AWS clarifies five key points about the CLOUD Act, stressing it does not grant automatic or unfettered access to customer content and that U.S. law requires judicial process for compelled disclosures. AWS reports no disclosure of enterprise or government customer content stored outside the U.S. since 2020. The company notes the Act applies to any provider with a U.S. presence and aligns with international law, while technical controls like AWS Nitro and AWS KMS limit operator access.

How Government Cybersecurity Budget Cuts Affect Business

⚠️Recent federal budget and workforce reductions, including cuts that affect CISA and related grant programs, risk degrading national and local cyber defenses and the flow of threat intelligence and best-practice guidance. Reduced government contracts will force some vendors to shrink R&D and headcount, slowing innovation and increasing monoculture risk. At the same time, MSPs and MDR providers may see greater demand as organizations shift to private-sector solutions.

SAFECOM Updates Emergency Communications Lifecycle Guide

📢 CISA, in partnership with SAFECOM and NCSWIC, released an updated Emergency Communications System Lifecycle Planning Guide and companion Lifecycle Planning Tool on July 2, 2025. The suite refreshes the 2011 and 2018 materials and incorporates public safety practitioners' experiences to inform system build, maintenance, operation, decommission, and replacement decisions. The Lifecycle Guide offers recommendations and the Lifecycle Planning Tool provides checklists for each lifecycle phase. Resources and funding guidance are aligned to help jurisdictions plan technology upgrades.