Security, Compliance, and Governance for AI Solutions
Securing the system (Task 5.1) and governing it (Task 5.2) answer different questions
Assuming you know AWS offers IAM, KMS, and audit services, this domain teaches you to sort any control into protecting the system versus proving it complies. This domain has two halves that the exam keeps separate, and telling them apart is the single most reliable way to pick the right answer. Task 5.1 is technical hardening: it answers 'is this system protected?' with controls that act on the live workload: AWS IAM for least-privilege access, AWS KMS for encryption, Amazon Macie for sensitive-data discovery, and AWS PrivateLink for private connectivity. Task 5.2 is governance and compliance: it answers 'are we allowed to run this, and can we prove it?' with services that produce evidence and enforce policy: AWS Artifact, AWS Audit Manager, AWS Config, and AWS CloudTrail. A workload can be fully encrypted and IAM-locked yet still fail an audit if no one can prove it stayed within the rules: hardening is necessary but not sufficient, because compliance is shown with evidence, the theme of the evidence principle below. When a stem asks how to protect or restrict, look at 5.1 services; when it asks how to demonstrate, report, or stay within a regulation, look at 5.2 services.
The shared responsibility model is the throughline that ties both halves together
Every control in this domain sits on one side of the AWS shared responsibility model, and the same dividing line governs both security and compliance. For security: AWS secures the cloud (physical infrastructure, the hypervisor, and the managed AI services such as Amazon Bedrock and Amazon SageMaker AI themselves), while you secure what is in the cloud: your IAM permissions, your encryption choices, the prompts and fine-tuning data you supply, and your network configuration. For compliance the same split applies: AWS certifies its own platform (compliance OF the cloud, the SOC and ISO reports you pull from AWS Artifact), while you remain accountable for the compliance of the workload you build on top (compliance IN the cloud, the evidence you assemble in Audit Manager). The recurring trap on both tasks is assuming 'managed' or 'AWS is certified' means your data, access, and obligations are handled automatically: they are not. AWS holding a SOC 2 certificate does not make your application SOC 2 compliant.
Each service maps to one concern and one kind of artifact: distractors mix them up
Because both tasks span a similar roster of AWS services, the exam's favorite distractor is offering a plausible-but-wrong service from the same family. The defense is to fix in mind one concern and one output per service. On the 5.1 side: IAM = who can act, KMS = data encrypted at rest, Macie = sensitive-data discovery in Amazon S3 (it classifies but does not remediate), PrivateLink/VPC = private network path, and Amazon Bedrock Guardrails = an application-layer content filter, not infrastructure security. On the 5.2 side: Artifact = AWS's own certifications to download, Audit Manager = continuous evidence about your workload, Config = resource-configuration state and drift, CloudTrail = an immutable API-action history, Amazon Inspector = vulnerability scanning, and AWS Trusted Advisor = account best-practice checks. Two recurring decision pairs: 'was the bucket encrypted?' is a Config question while 'who turned encryption off?' is a CloudTrail question; and 'download AWS's SOC 2 report' is Artifact while 'prove our workload is SOC 2 compliant' is Audit Manager.
Compliance is shown with evidence and run as an ongoing process, not asserted once
The unifying governance message of Task 5.2 is that compliance is demonstrated with auditable evidence (logs, downloadable reports, configuration history, and assessment records) never merely claimed in a policy document. That evidence is generated continuously by tooling (Audit Manager assessments, Config history, CloudTrail trails) and is wrapped in human process: governance review boards, a defined review cadence, transparency standards, and team-training requirements so policies are enforced consistently rather than left to individual judgment. Governance also spans the full data-and-model lifecycle: data governance manages lineage, cataloging (via the AWS Glue Data Catalog), residency, retention, and monitoring, while model governance applies MLOps discipline such as versioning, approval gates, and documentation through SageMaker Model Cards. For generative AI specifically, AWS offers the Generative AI Security Scoping Matrix to classify a workload by how much of the model you own, from consuming a public app to self-training, and apply the right controls per scope.
Securing AI systems (Task 5.1) vs. governing & evidencing them (Task 5.2)
| Aspect | Securing the system (Task 5.1) | Governance & compliance (Task 5.2) |
|---|---|---|
| Core question | Is the system protected from unauthorized access and data exposure? | Are we allowed to run this, and can we prove it? |
| Acts on | The live workload: identities, keys, data, network | Evidence, policy, and the data/model lifecycle |
| Representative AWS services | IAM, AWS KMS, Amazon Macie, AWS PrivateLink/VPC, Bedrock Guardrails | AWS Artifact, AWS Audit Manager, AWS Config, AWS CloudTrail, Amazon Inspector, AWS Trusted Advisor |
| Typical output | Scoped permissions, encrypted data, private paths, filtered content | Downloadable certifications, assessment reports, configuration history, API-action logs |
| Shared-responsibility focus | Securing what is IN the cloud (your config and data) | Evidencing compliance IN the cloud; pulling AWS's OF-the-cloud certifications from Artifact |
| Exam trigger phrases | 'protect', 'restrict access', 'encrypt', 'keep off the internet', 'discover PII' | 'prove compliance', 'audit evidence', 'meet HIPAA/GDPR/SOC', 'who did what', 'download AWS's report' |