Log in Sign up

Amazon Multi-Channel Fulfillment’s data security process now aligned with NIST CSF & CMMC L1

digital image of lines and dots like a cybersecurity map
1 min to read
Was this page helpful?
What didn’t work for you?
Thank you!

Your feedback helps us improve this page.
Thank you!

Your feedback helps us improve this page.

I am excited to announce the alignment of Amazon Multi-Channel Fulfillment (MCF) with two widely-recognized, industry-leading security frameworks: the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) version 1.1 and Cybersecurity Maturity Model Certification (CMMC) v2.0 Level 1 (L1). The CMMC aligns to controls in NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, which may be applied to any organization who processes, stores, and transmits customer data. A 3P validation letter is now available to MCF customers who entrust us to protect critical assets core to their business and mission, attesting that security is foundational to how we build, design and deliver every product and services and protect merchant and customers’ data. MCF’s high security bar initially validated in 2022 through achieving ISO 27001 certification is now coupled with NIST CSF and CMMC Level 1 alignment - meaning our customers can trust that we secure their data.

NIST CSF is a voluntary, risk-based, outcome-focused framework. CSF, originally intended for critical infrastructure, is endorsed by governments and industries worldwide as a recommended baseline for organizations of all types and sizes; including healthcare, financial services, manufacturing, and technology. When followed, it establishes a foundational set of security activities organized around five functions - Identify, Protect, Detect, Respond, and Recover - to help improve an organization’s security, risk management, and resilience.
CMMC is a cybersecurity control framework comprised of three maturity levels from basic (L1) to expert (L3), each level includes separate requirements. The Department of Defense (DoD) established CMMC to improve information security across the Defense Industrial Base (DIB) and will require vendors to be certified to specific CMMC levels, based upon the sensitivity of data processed.

MCF’s commitment to data security comes from our customer obsession and prioritizing security from the start. Aligning our ISO 27001 certification with NIST CSF and CMMC translates our processes to broadly applicable frameworks recognized by large enterprises and highly regulated industries. Our 3P letter shows how MCF’s security controls provide all existing and future customers a level of assurance that MCF services keep your data secure.

Tags:  IT Security, News
Related content