AWS Marketplace Vendor Insights
AWS Marketplace Vendor Insights simplifies software risk assessments by helping you to procure software that you trust and that meets your industry standards. With AWS Marketplace Vendor Insights, you can monitor the security profile of a product in near real-time from a single user interface. It reduces your assessment effort by providing a dashboard of a software product’s security information. You can use the dashboard to view and evaluate information, such as data privacy, application security, and access control.
AWS Marketplace Vendor Insights gathers security data from sellers and supports buyers through procuring trusted software that continuously meets industry standards. By integrating with AWS Audit Manager, AWS Marketplace Vendor Insights can automatically pull up-to-date security information for your software as a service (SaaS) products in AWS Marketplace. AWS Marketplace Vendor Insights integrates with AWS Artifact third-party reports so you can access on-demand compliance reports for your vendor software, alongside reports for AWS services.
AWS Marketplace Vendor Insights provides evidence-based information from 10 control categories and multiple controls. It gathers the evidence-based information from three sources:
-
Vendor production accounts – Of the multiple controls, 25 controls support live evidence gathering from a vendor's production accounts. Live evidence for each control is generated by one or more AWS Config rules that evaluate the configuration settings of a seller's AWS resources. Live evidence is the method of consistently updating data from multiple sources to present the most current information. AWS Audit Manager captures the evidence and delivers it to the AWS Marketplace Vendor Insights dashboard.
-
Vendor ISO 27001 and SOC 2 Type II reports – The control categories are mapped to controls in the International Organization for Standardization (ISO) and Service Organization Control (SOC) 2 reports. When sellers share these reports with AWS Marketplace Vendor Insights, the service extracts the relevant data and presents it in the dashboard.
-
Vendor self-assessment – Sellers complete a self-assessment. They can also create and upload other self-assessment types, including the AWS Marketplace Vendor Insights security self-assessment and Consensus Assessment Initiative Questionnaire (CAIQ).
The following video demonstrates how you can simplify the SaaS risk assessment and use AWS Marketplace Vendor Insights.