Protected Data Guideline for AWS
Amazon Web Services - Sensitive Data Guidance
AWS has a core set of听, but it is up to each user to implement appropriate security controls and to comply with applicable University policies, notably听policies relating听to the protection of University data听补苍诲听Level 1 data policies.听
Third-party content that is available through AWS are generally governed by separate contract terms and conditions, including separate fees and charges. AWS may not have tested or screened third-party content.
| Data Type | Data Use | Comments |
|---|---|---|
| Credit Card听(PCI-DSS) | Not permitted. | Not acceptable for PCI-DSS data. |
| Export Control | Consult | Consult with听Information Security. |
| Electronic Protected Health Information听(ePHI) subject to HIPAA | Consult | HIPAA Business Associate Agreement has been signed. Consult with听Information Security. |
| Human Subject Research | Consult | Consult with听Information Security. |
| Intellectual Property | Consult | Consult with听Information Security. |
| IT Security Information | Permitted | When appropriately configured. |
| Other Sensitive Institutional Information听 (e.g. Fundraising, Attorney/Client Privileges) |
Consult | Consult with听Information Security. |
| Personally Identifiable Information (PII) | Consult | When appropriately configured; consult with听Information Security.听 |
| Public Information | Permitted | 听 |
| Research Data听 (Animal General, Non-Humanoid Subject Research) |
Permitted | Consult with听Information Security听and office of research.听 |
| Student Education Records (FERPA) |
Permitted | Excluding student health records. Consult with听Information Security. |