AWS Wickr achieves DoD Impact Level 4 and 5 authorization

Amazon Web Services (AWS) is excited to announce that AWS Wickr has been authorized for Department of Defense Cloud Computing Security Requirements Guide Impact Level 4 and 5 (DoD CC SRG IL4 and IL5) in the AWS GovCloud (US-West) Region.

What is the DoD CC SRG?

The DoD CC SRG, which is maintained by The U.S. Defense Information Systems Agency (DISA), outlines the security model for the DoD’s use of cloud computing, detailing the necessary security controls and requirements for cloud-based solutions. The DoD CC SRG defines four impact levels (IL2, IL4, IL5, and IL6) based on the sensitivity of DoD information stored and processed in the cloud, and the potential impact if there were a loss of confidentiality, integrity, or availability of that information.

The launch of AWS Wickr’s DoD CC SRG IL4 and IL5 authorization helps DoD customers maintain the security of, and control over communications that contain controlled unclassified information (CUI), mission-critical information, and National Security Systems (NSS) information.

What is AWS Wickr?

Wickr is an end-to-end encrypted messaging and collaboration service with features designed to help you keep communications secure, private, and compliant. Wickr protects one-to-one and group messaging, voice and video calling, file sharing, screen sharing, and location sharing with 256-bit encryption, and provides data retention capabilities. Every message, call, and file is encrypted on the sender’s device using a unique secret key, and remains secure in transit. No one except intended recipients and your organization can access the content.

You can create Wickr networks through the AWS Management Console. Administrative controls allow your Wickr administrators to add, remove, and invite users, and organize them into security groups to manage messaging, calling, security, and federation settings. You maintain full control over data, which includes addressing information governance polices, configuring ephemeral messaging options, and deleting credentials for lost or stolen devices.

Unlike popular consumer messaging apps, Wickr allows you to log internal and external communications—including conversations with guest users, contractors, and other partner networks—in a private data store that you manage. This helps you retain messages and files that are sent to and from your organization to meet requirements such as DoD Instruction 8170.01, which prescribes procedures for the collection, distribution, storage, and processing of DoD information through electronic messaging services.

Enhance security and meet your requirements

The DoD CC SRG IL4 and IL5 authorization of Wickr builds on Wickr’s existing DoD SRG IL2 authorization. Wickr is also Federal Risk and Authorization Management Program (FedRAMP) authorized at the Moderate impact level in the AWS US East (N. Virginia) Region, FedRamp High authorized in the AWS GovCloud (US-West) Region, and meets compliance programs and standards such as Health Insurance Portability and Accountability Act (HIPAA) eligibility, International Organization for Standardization (ISO) 27001, and System and Organization Controls (SOC) 1,2, and 3.

To learn more about Wickr visit our AWS Wickr product page, or contact us. For more information about AWS compliance, visit our Services in Scope page.

About the Authors

Anne Grahn Anne is a Senior Worldwide Security GTM Specialist at AWS, based in Chicago. She has more than 13 years of experience in the security industry, and focuses on effectively communicating cybersecurity risk. She maintains a Certified Information Systems Security Professional (CISSP) certification.

Whiting Chisman Whiting is a Sr. Technical Product Manager at AWS Wickr, focusing on US federal customers and their mission requirements. He resides in Arlington, VA.