AWS Marketplace

Using AWS Marketplace to extend FedRAMP-compliant architectures

AWS Marketplace is a curated digital catalog that provides third-party software, data, and services that run on Amazon Web Services (AWS). It includes thousands of software listings and simplifies the software licensing and procurement process. For public sector organizations faced with limited time and resources, AWS Marketplace serves as an efficient and effective route for them to deliver their missions. AWS Marketplace can also help public sector organizations overcome one of their biggest blockers—strict compliance regulations.

AWS supports 143 security standards and compliance certifications. For more information, see AWS Compliance. Any solution available from AWS Marketplace will inherit the security controls that AWS uses on its own infrastructure to help meet these standards. This means that AWS Partners listing offerings in AWS Marketplace will already have a head start on meeting compliance regulations.

To give buyers a more comprehensive view of the security and compliance information for the product or vendor, AWS announced AWS Marketplace Vendor Insights. Vendor Insights allows sellers to provide on-demand access to evidence regarding their security and compliance, streamlining the buyer’s risk assessment and procurement process.

AWS Marketplace is available in all AWS Regions, including commercial AWS Regions, AWS GovCloud (US) Regions, and classified Regions. This enables users to procure solutions in AWS Marketplace that can be certified to meet stricter regulations.

FedRAMP compliance on AWS

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring of cloud products and services. Cloud service providers (CSPs), such as AWS, that offer cloud service offerings (CSOs) to the US government must demonstrate FedRAMP compliance. FedRAMP uses the NIST Special Publication 800 series. NIST requires CSPs to complete an independent security assessment conducted by a third-party assessment organization (3PAO). AWS launched the AWS GovCloud (US) Regions in 2011 to address those unique regulatory challenges. The AWS GovCloud (US) Regions have hundreds of services and features available to address the technical needs of the federal government and other customers subject to those compliance requirements. For a complete list of services, see Services in AWS GovCloud (US) Regions. In addition to the available services that AWS offers, there are over 100 FedRAMP-compliant solutions built by our AWS Partners that can be found in AWS Marketplace.

Using AWS Marketplace to speed up regulatory ATO requirements

AWS Marketplace stands as an invaluable solution for organizations seeking to obtain Authority to Operate (ATO) by offering a diverse ecosystem of compliant software solutions. AWS has obtained FedRAMP Provisional Authority to Operate (P-ATO) for its CSOs, but it is the responsibility of the mission owner to obtain full ATO.

Numerous AWS Marketplace vendors provide cutting-edge security and compliance tools essential for achieving ATO requirements. These vendors offer firewall solutions, intrusion detection systems, and advanced threat protection services—all crucial components for securing sensitive data and applications in alignment with regulatory standards. Additionally, AWS Marketplace ensures that these vendor offerings are preconfigured to comply with industry regulations, streamlining the ATO process. By using these solutions, organizations can effectively address security concerns, demonstrate compliance, and expedite the ATO process.

Avoiding vendor lock-in with AWS Marketplace

AWS Marketplace solves a major issue for many organizations: vendor lock-in. Vendor lock-in occurs when a company is heavily dependent on a vendor to the point where they are unable to transition to a different service. This can be because of contractual obligations or the effort required to refactor applications when switching services. AWS Marketplace offers the option to deploy software familiar to organizations, allowing them to extend the in-house technical expertise of familiar solutions in the cloud. Customers are also able to take advantage of AWS Marketplace’s Bring Your Own License (BYOL) options, allowing organizations to bring legacy licenses to the cloud without having to repurchase products.

With AWS’s pay-as-you-go pricing model, customers are never locked into the AWS platform and can migrate out and shut down their AWS accounts at any time, preventing vendor lock-in with AWS as a CSP.

Where do I start?

Anyone with an AWS account can use AWS Marketplace. Visit AWS Marketplace to get started and learn more. For more information on FedRAMP on AWS, visit the FedRAMP landing page.

About Authors

Alex Evans

Alex Evans is a Solutions Architect supporting Department of Defense customers. He is based in Northern Virginia and specializes in Infrastructure Security. Outside of work, Alex is a proud University of Maryland alumnus and Philadelphia sports fan.

Elhadj Barry

Elhadj Barry is a DC-based Marketplace Specialist Solutions Architect with a focus on AWS Marketplace Governance and Security. He is passionate about utilizing AWS services to create innovative solutions that drive value and business outcomes.

Kain Leo

Kain is a California-based Solutions Architect supporting the State and Local Governments of Southern California. He loves how different products can all come together and integrate with AWS services to create innovative solutions that drive businesses forward.