Sold by: Kriv AI
Kriv AI takes Amazon Bedrock AgentCore workloads from POC to production under HIPAA (healthcare) or SOC 2 Type II (all enterprises) controls. Scope: AgentCore Runtime + Identity + Gateway + Memory isolation + Bedrock Guardrails + Observability + Audit Trail + multi-region DR, deployed on Customer's AWS account. HIPAA §164.308 / §164.312 / §164.316 evidence mapping; SOC 2 Type II Common Criteria (CC1–CC9) mapping; handoff package for Customer's CPA firm or HITRUST EAO. AgentCore became HIPAA-eligible February 10, 2026 ~ 6-month first-mover window. Three tiers: $75K Foundation / $150K Standard / $275K Enterprise + $40K Extra Agent. AWS Select + Databricks + Anthropic Claude Partner Network (April 9, 2026; partner, not reseller).
Overview
Amazon Bedrock AgentCore became HIPAA-eligible on February 10, 2026, opening PHI-touching agent deployments under an executed AWS BAA. There is still no fixed-fee transparent-pricing production-hardening SKU on AWS Marketplace pairing AgentCore with HIPAA Security Rule AND SOC 2 Type II. Kriv's N27 closes that gap in a ~6-month first-mover window.
AgentCore HIPAA eligibility is necessary but not sufficient. AgentCore's six primitives, Runtime, Identity, Gateway, Memory, Observability, and Code Interpreter / Browser sandbox, must be configured, logged, isolated, and documented to withstand HHS OCR scrutiny, SOC 2 Type II (AICPA TSC), cyber-insurance attestation, and Customer TPRM review. Most enterprises hit the same wall: AgentCore POC works in the sandbox but can't pass CISO / HIPAA Privacy Officer / TPRM review for production launch. Memory isolation across tenant boundaries, audit-trail design (CloudTrail + Bedrock Model Invocation Logging + custom AgentCore logs), agent state recovery, end-to-end observability of multi-step executions, OWASP Top 10 for LLM defenses, cost predictability, and multi-region DR all need to be built and documented.
Existing AWS Marketplace listings are thin. Rackspace LegalMind uses AgentCore primitives but is vertical (legal). IBM Consulting Advantage + Adastra Agentic AI + DevSecOps Inc. HIPAA-Compliant Infrastructure + IBM Agentic Cloud Transformation Accelerator lack AgentCore + HIPAA / SOC 2 framing. Big-Four SI runs off-Marketplace: PwC announced $400M AWS agentic security/compliance collaboration; Deloitte agentic SOWs $250K–$1.5M pilot / $2M+ scale; Accenture 450+ agents at $150K–$750K production hardening. Zero Marketplace listings pair "AgentCore" with "HIPAA" or "SOC 2" today. N27 is the first.
Reference architecture. Runtime hardening (sandboxed Code Interpreter + Browser; per-session KMS CMK envelope encryption; ephemeral storage zeroized; session isolation). Identity (OAuth 2.1 + JWT + mTLS; IAM Identity Center + SAML/OIDC; RBAC + ABAC; tenant isolation via tags + SCPs; MFA). Gateway (WAF + Shield Advanced + API Gateway throttling + request signing; PrivateLink). Memory (short + long-term per-tenant isolation; KMS; Macie PII/PHI discovery; 6-yr HIPAA / 3-yr SOC 2 retention). Observability (OpenTelemetry + X-Ray; tool-use decisions logged; CloudWatch + QuickSight FinOps). Bedrock Guardrails (PHI/PII, denied topics, medical-misinformation, fair-lending, bias/fairness; override with dual-approval). Audit Trail (CloudTrail + Bedrock Model Invocation Logging + custom AgentCore logs → S3 Object Lock; hash-chained tamper-evident). Recovery (state checkpointing; multi-region DR active-passive HIPAA, active-active Enterprise). Incident Response (AI runbooks; CloudWatch + EventBridge + SNS to SOC). Security Monitoring (GuardDuty, Security Hub, Macie, Inspector, Config). Secrets Manager + KMS auto-rotation. BAA Verification in Week 1.
HIPAA Security Rule mapping §164.308(a)(1–8) administrative; §164.310 physical (AWS shared responsibility); §164.312(a–e) technical; §164.316 6-yr retention. SOC 2 Type II CC1–CC9 + scoped Availability / Confidentiality / Processing Integrity / Privacy.
Week-by-week. W1 Kickoff + gap analysis + AWS BAA verification + CISO / HIPAA / TPRM pre-approval. W2 Landing zone + audit baseline. W3 Identity + Gateway hardening + pentest smoke test. W4 Memory + Guardrails + Macie. W5 Observability + audit validation. W6 Recovery + DR + IR, Foundation closes (30-day warranty). W7 Standard, HIPAA or SOC 2 evidence + CPA/EAO handoff (60-day warranty). W8 Enterprise, load testing + multi-agent isolation + 90-day hypercare.
Three tiers. Foundation $75K (6 wk; 1 agent; SOC 2-ready; active-passive DR; 30-day warranty) for AI-native Series B–E + Fortune 1000 first internal pilot. Standard $150K (7 wk; up to 3 agents; HIPAA OR SOC 2 evidence package; tenant-isolation hardening; 60-day warranty) for mid-sized healthcare, payers, life sciences, banks, BDs, insurers. Enterprise $275K (8 wk; up to 5 agents; HIPAA + SOC 2 combined; memory isolation validation; multi-region active-active DR; 90-day hypercare) for large regulated, G-SIB banks, top-25 payers, top-25 pharmas. Optional Extra Agent $40K each.
Important disclosures. Kriv is NOT a HITRUST EAO, CPA firm, ISO body, or FDA-registered manufacturer, issues no HIPAA / SOC 2 / HITRUST / ISO certifications. Kriv operates as Customer's BA where PHI flows (BAA required). Does NOT develop Customer agent business logic, hardens surrounding infrastructure. Does NOT operate agents post-deployment (unless Managed Service retainer). No legal / regulatory / compliance advice. AWS + Anthropic + Bedrock consumption separate. No approval outcome guarantee. No AgentCore API stability guarantee. Anthropic CPN membership does not constitute endorsement.
Highlights
- First AgentCore + HIPAA / SOC 2 production-hardening SKU on AWS Marketplace, AgentCore HIPAA-eligible February 10, 2026; ~6-month first-mover window. All six AgentCore primitives hardened on Customer's AWS account: Runtime (sandboxed Code Interpreter + Browser + per-session KMS CMK envelope encryption + ephemeral storage zeroed), Identity (OAuth 2.1 + JWT + mTLS + IAM Identity Center + MFA), Gateway (WAF + Shield Advanced + rate limiting), Memory (per-tenant isolation + KMS + Macie).
- AgentCore Observability (OpenTelemetry + X-Ray + CloudWatch + QuickSight FinOps dashboards) + Bedrock Guardrails (PHI/PII + denied topics + medical-misinformation + fair-lending + bias/fairness filters with dual-approval override) + Audit Trail (CloudTrail + Bedrock Model Invocation Logging + custom AgentCore structured logs to S3 Object Lock, 7-year HIPAA / 3-year SOC 2 retention, hash-chained tamper-evident) + multi-region DR (active-passive Foundation/Standard; active-active Enterprise).
- HIPAA §164.308 / §164.312 / §164.316 + SOC 2 Type II Common Criteria (CC1–CC9) evidence mapping per tier; CPA firm (SOC 2) or HITRUST EAO handoff package. Three tiers: $75K Foundation (1 agent, SOC 2-ready, 6 weeks) for AI-native Series B–E; $150K Standard (3 agents, HIPAA OR SOC 2, 7 weeks) for mid-sized regulated-industry; $275K Enterprise (5 agents, HIPAA + SOC 2 combined, active-active DR, 90-day hypercare, 8 weeks) for G-SIB / top-25 payers / top-25 pharmas.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.
Legal
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Resources
Support
Vendor support
Primary contact. info@kriv.ai · +1-732-433-5564 · https://kriv.ai/support
Response SLA. First response within 2 US business days (Mon–Fri 9 am – 6 pm ET, ex-US federal holidays). Active engagements: Engagement Lead within 4 business hours weekdays. HIPAA Privacy Officer-blocked or CISO-blocked production launches compress to same business day.
Onboarding SLA. First customer contact within 2 US business days of buyer inquiry / private-offer acceptance. Kickoff within 2–3 weeks of SOW (BAA execution + AWS account delegation extends timing); 5–10 business days when enforcement-driven.
Escalation. (1) Engagement Lead (named in SOW) → (2) Practice Director (info@kriv.ai ) → (3) CEO Abhinav Dangri (info@kriv.ai ).
Communication. Dedicated Microsoft Teams channel; weekly 60-min video checkpoint; Friday written status. Customer SMEs 4–6 hrs/week (CISO, CAIO, Head of Platform Engineering, HIPAA Privacy Officer, Head of SRE, CIO/CTO, Internal Audit). Enterprise hypercare adds daily standup.
Handoff. Word/Excel/PDF in customer secure share; reference architecture + landing-zone templates as CloudFormation / CDK; IAM + RBAC/ABAC matrix as JSON + Excel; AgentCore Memory + Guardrails config as JSON; HIPAA + SOC 2 evidence mapping as Excel indexed to control IDs; DR + AI incident runbooks as Word + Markdown.
Out of scope. Kriv is NOT a HITRUST EAO / CPA firm / ISO body; issues no HIPAA / SOC 2 / HITRUST / ISO / 42001 certifications. Operates as Customer's BA (BAA required). Does NOT develop Customer agent business logic. Does NOT operate AgentCore agents post-deployment (unless Managed Service retainer). No legal / regulatory / compliance advice. No approval-outcome guarantee. No AgentCore API stability guarantee.
AWS + Anthropic-side billing. AWS infrastructure + Anthropic API + Bedrock Claude consumption billed separately.
Holiday coverage. Closed on US federal holidays.