Although additional AWS services have robust security and are covered by a variety of voluntary industry certifications, HIPAA imposes regulatory obligations and requirements that must be met as well. AWS limits the HIPAA eligibility of services to those that meet the HIPAA requirements applicable to our operating model by aligning our HIPAA risk management program with FedRAMP and NIST 800-53, a higher security standard that maps to the HIPAA Security Rule. NIST supports this alignment and has issued SP 800-66, “An Introductory Resource Guide for Implementing the HIPAA Security Rule,” which documents how NIST 800-53 aligns to the HIPAA Security Rule