What should the Administrator do?
Work with AWS support to schedule a tour for the auditors.
Send a copy of the AWS Security whitepaper to the auditors.
Obtain a relevant report from AWS Artifact and share it with the auditors.
Find the address for the AWS Direct Connect facility on the AWS website.
Explanations:
While scheduling a tour may seem beneficial, AWS does not typically allow external audits or tours of its data centers due to security protocols. Therefore, this option is not viable for providing proof of physical security.
The AWS Security whitepaper provides general security practices and measures but does not specifically offer proof of physical security at AWS facilities. It is not sufficient documentation for compliance assessments that require physical security evidence.
Obtaining a relevant report from AWS Artifact is the best option as it provides access to compliance reports, including information on physical security controls implemented by AWS. This is a formal and appropriate way to demonstrate compliance to auditors.
Finding the address of an AWS Direct Connect facility does not provide any proof of physical security related to the application’s hosting facilities. Addresses do not convey the security measures in place and would not satisfy the requirements of a compliance assessment.