AWS FISMA Moderate

Posted on: Sep 15, 2011

AWS has received Federal Information Security Management Act (FISMA) Moderate Authorization and Accreditation from the U.S. General Services Administration. FISMA requires federal agencies to develop, document, and implement an information security system for its data and infrastructure. Government entities can now utilize AWS infrastructure services while meeting security requirements for applications demanding the stringent security practices of the FISMA Moderate level. This accreditation covers Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), Amazon Virtual Private Cloud (Amazon VPC) and the infrastructure upon which they run. With the addition of FISMA Moderate, the AWS security and compliance framework now covers FISMA Low and Moderate, PCI DSS Level 1, FIPS 140-2, ISO 27001, and SAS-70 type II. AWS also provides an environment that enables businesses to comply with HIPAA regulations.

FISMA Moderate Authorization and Accreditation requires AWS to implement and operate an extensive set of security configurations and controls. This includes documenting the management, operational, and technical processes used to secure the physical and virtual infrastructure as well as conducting third party audits. This is the first time AWS has received a FISMA Moderate authority to operate.

By meeting the Federal government’s requirements for FISMA Moderate, agencies can rapidly expand their cloud computing footprint, deploying sensitive government data and applications on AWS while continuing to comply with the government’s unique and rigorous security requirements.

AWS continues to provide cloud computing services to the U.S. government through its growing solution provider network. AWS solution provider and reseller URS-Apptis was awarded an Infrastructure-as-a-Service blanket purchase agreement (BPA) from the U.S. General Services Administration (GSA). AWS is the exclusive technology provider under this agreement. Government agencies can now easily procure on-demand, highly reliable, highly scalable, and cost-efficient technology resources using the GSA IaaS BPA.

To learn more about Amazon Web Services security certifications, and other AWS security practices, visit To learn more about how AWS works with government agencies, visit or visit to learn about AWS GovCloud, an AWS Region with additional US Persons only controls.