AWS Public Sector Blog

Acquia, an APN Technology Partner, Leverages AWS to Achieve FedRAMP Compliance

Acquia, a cloud platform for building, managing, and optimizing digital experiences, has received a Federal Risk and Authorization Management Program (FedRAMP) Authority to Operate (ATO), a rigorous cloud security assessment for vendors that sell to the US federal government. The U.S. Department of Treasury sponsored the FedRAMP assessment at the moderate impact level. Acquia’s FedRAMP compliant solutions are powered by the US East and US West AWS regions.

Acquia leveraged the AWS FedRAMP vendor package, inherited the infrastructure controls, and implemented all the other controls at the platform level.

“Leveraging the AWS infrastructure eliminated complexities and management of the policy components throughout the FedRAMP accreditation process. AWS’s security team provided a lot of guidance, not only about FedRAMP, but on Department of Defense security in general,” Peter Durand, VP Federal Sector, Acquia, said, “This partnership with AWS allowed us to cut down the time it took to get our accreditation, gave us ease of assurance and confidence in the security of the infrastructure, and now allows us to continue to provide innovative solutions to our government customers.”

Acquia uses AWS in a variety of ways, such as managing and provisioning the IT infrastructure necessary to host its customers’ websites and web applications. With this FedRAMP certification, Acquia expects to see a significant increase in pipeline as federal government customers can more easily adopt these Acquia solutions.

FedRAMP removes barriers to cloud adoption for government customers. Since websites are a point of entry for agencies into the cloud, this opens the door for federal government customers to look toward the cloud to solve other mission challenges. For Acquia, FedRAMP has accelerated customers move to the cloud, adoption of open source technology, and the use of platform-as-a-service.

When asked about what advice they would give other APN partners looking to receive a FedRAMP ATO, Durand said, “Companies or organizations really need to understand the complexity and investment they need to make to be FedRAMP compliant. And consider a strong sponsoring agency willing to help through the process. As much as it is a lift on AWS, it is also a lot of work on the agency side. Having a federal agency partner who is deeply invested and has the cycles to support the partner going through the process in addition to AWS is helpful.”

AWS partners and prospective customers can also request access to the AWS Partner FedRAMP Security Package by contacting their AWS Sales Account Manager.

Want to continue to learn about FedRAMP? For the fastest path to an ATO, access the AWS NIST Quick Start tools in the AWS GovCloud (US) Console and deploy FedRAMP High-compliant architectures with the click of a button. Learn more and Get Started Now.

AWS Public Sector Blog Team

AWS Public Sector Blog Team

The Amazon Web Services (AWS) Public Sector Blog team writes for the government, education, and nonprofit sector around the globe. Learn more about AWS for the public sector by visiting our website (, or following us on Twitter (@AWS_gov, @AWS_edu, and @AWS_Nonprofits).