We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.
If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”
Customize cookie preferences
We use cookies and similar tools (collectively, "cookies") for the following purposes.
Essential
Essential cookies are necessary to provide our site and services and cannot be deactivated. They are usually set in response to your actions on the site, such as setting your privacy preferences, signing in, or filling in forms.
Performance
Performance cookies provide anonymous statistics about how customers navigate our site so we can improve site experience and performance. Approved third parties may perform analytics on our behalf, but they cannot use the data for their own purposes.
Allowed
Functional
Functional cookies help us provide useful site features, remember your preferences, and display relevant content. Approved third parties may set these cookies to provide certain site features. If you do not allow these cookies, then some or all of these services may not function properly.
Allowed
Advertising
Advertising cookies may be set through our site by us or our advertising partners and help us deliver relevant marketing content. If you do not allow these cookies, you will experience less relevant advertising.
Allowed
Blocking some types of cookies may impact your experience of our sites. You may review and change your choices at any time by selecting Cookie preferences in the footer of this site. We and selected third-parties use cookies or similar technologies as specified in the AWS Cookie Notice.
Your privacy choices
We display ads relevant to your interests on AWS sites and on other properties, including cross-context behavioral advertising. Cross-context behavioral advertising uses data from one site or app to advertise to you on a different company’s site or app.
To not allow AWS cross-context behavioral advertising based on cookies or similar technologies, select “Don't allow” and “Save privacy choices” below, or visit an AWS site with a legally-recognized decline signal enabled, such as the Global Privacy Control. If you delete your cookies or visit this site from a different browser or device, you will need to make your selection again. For more information about cookies and how we use them, please read our AWS Cookie Notice.
AWS GovCloud (US) supports compliance with United States International Traffic in Arms Regulations (ITAR). As a part of managing a comprehensive ITAR compliance program, companies that are subject to ITAR export regulations must control unintended exports by enabling access to only authorized persons. AWS GovCloud (US) provides an environment that is physically located in the US, and access by AWS personnel is limited to US Citizens, thereby allowing qualified companies to use AWS to transmit, process, and store protected articles and data subject to ITAR restrictions. The AWS GovCloud (US) environment has been audited by an independent third-party assessment organization (3PAO) to validate that proper controls are in place to support customer export compliance programs.
International Traffic in Arms Regulations (ITAR) controls the export from the US of defense-related articles, and the regulations state that no non-US person can have physical or logical access to the articles stored in the ITAR environment.
Articles that are covered by the ITAR United States Munitions List (USML) include equipment, components, materials, software, and technical information that can only be shared with US Persons unless under special authorization or exemption. US Persons are individuals who are US Green Card (Permanent Resident Card) holders or US citizens.
How do ITAR requirements apply in the cloud?
ITAR compliance in the cloud focuses on ensuring that information considered ITAR technical data is not inadvertently released to foreign persons or foreign nations without proper authorization.
How does AWS support customers who are subject to ITAR export regulations?
AWS provides customers with the option to store their data in AWS GovCloud (US), which is managed solely by US Citizens in US locations. AWS GovCloud (US) is Amazon’s isolated cloud environment where accounts are only granted to US Persons working for US organizations.
Because AWS does not have any visibility into what customers are uploading onto our network, including whether or not that data is deemed subject to ITAR regulations, all customer data within AWS GovCloud (US) is treated as ITAR data.
How does AWS GovCloud (US) provide assurance to customers that it meets ITAR requirements?
There is no formal ITAR certification. AWS GovCloud (US) is continuously audited by an accredited Federal Risk Authorization Management Program (FedRAMP) independent third-party assessment organization (3PAO) and has been issued a FedRAMP Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) at the High Baseline. The Chief Information Officers (CIO) from the US Department of Defense, Department of Homeland Security, and General Services Administration represent the JAB. For more information, see Achieve FedRAMP High Compliance in AWS GovCloud (US).
How does the AWS Shared Responsibility apply when customers transmit, process, and store ITAR data in AWS?
AWS is responsible for the logical and physical compliance of the cloud infrastructure and core services we offer. Customers are responsible for their own on-premises IT infrastructure, applications, and systems. The AWS GovCloud FedRAMP Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) at the High Baseline attests to the controls in place within AWS GovCloud (US). AWS supports customers who are building ITAR-compliant systems in AWS. The following are some examples of AWS services that help customers manage their own security compliance obligations:
Safeguard Sensitive Data: Customers can protect sensitive unclassified data with server-side encryption in Amazon S3; store and manage security keys with AWS CloudHSM or use our one-click AWS Key Management Service (KMS).
Improve Cloud Visibility: Customers can audit access and use of sensitive data with Amazon CloudTrail, our API logging service, which is managed and operated by US Persons.
Strengthen Identity Management: Customers can limit access to sensitive data by individual, time, and location. To restrict which API calls users are able to make, you can use identity federation, easy key rotation, and other powerful access control testing tools that are available in AWS.
Have Questions? Connect with an AWS Business Representative
