AWS Government, Education, & Nonprofits Blog

Amazon Web Services Achieves DoD Impact Level 5 Provisional Authorization

We are pleased to announce that Amazon Web Services has achieved a Provisional Authorization (PA) by the Defense Information Systems Agency (DISA) for Impact Level (IL) 5 workloads, as defined in the Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG), in the AWS GovCloud (US) Region.

Now DoD customers and contractors working with the DoD can leverage AWS’s PA to meet DoD CC SRG IL5, along with IL2 and IL4, compliance requirements. This further bolsters AWS as an industry leader in helping support the DoD’s critical mission in protecting our security. The AWS services support a variety of DoD workloads, including workloads containing sensitive controlled unclassified information (CUI) and National Security Systems (NSS) information. AWS services are already being used for a number of cutting-edge, mission-critical DoD workloads, such as the Global Positioning System Next Generation Operational Control System (GPS OCX), a critical navigation information system that supports global cyber protection and analysis of satellite data.

AWS GovCloud (US) for IL5

To enable extremely high security levels for our customers, AWS employs a robust set of security technologies and practices, including encryption and access control features that exceed DoD security requirements.

AWS GovCloud (US) can scale to handle large-scale compute and storage intensive workloads and meet DoD CC SRG IL5 requirements. The AWS GovCloud (US) Region is composed of multiple data centers that can handle the scale of high capacity, mission-critical workloads, including High Performance Compute, Big Data, or ERP workloads. Importantly, customers leveraging AWS’s DoD CC SRG IL 5 PA will enjoy the same cost savings as other customers in the AWS GovCloud (US) Region, making it an affordable and secure compute and storage environment for DoD workloads.

Modernizing Defense in the Cloud 

At the 2016 AWS re:Invent, Air Force Lt. Gen. Samuel Greaves shared his perspective on how the small, highly empowered Defense Digital Services (DDS) team is breaking down innovation barriers with AWS GovCloud (US). Watch the full video here.

The AWS Cloud brought about a cultural shift in the Air Force around delivering ground software capabilities. The DDS team encouraged the Air Force to use commercial cloud for testing the service’s GPS OCX, which would control the newest version of the DoD’s global positioning system satellites.

The program’s engineers need regular and reliable test environments to more rapidly test the software. The solution: build test environments in AWS GovCloud (US).

“We deployed our first ever national security system, or Impact Level 5, to AWS GovCloud (US). We are working on automatic builds and deployment. But the real impact is that when we are done, we are going to take something that took three weeks down to 15 minutes,” said Chris Lynch, Director of the DDS.

No other cloud provider was able to meet the IL5 security requirements and scale of the US Air Force’s GPS OCX program. That program required 200+ Dedicated Hosts running upwards of 1,000 individual Virtual Machines. Each Virtual Machine needed at least eight vCPUs and 32GB RAM. When the Air Force looked at other cloud providers, none of them were able to immediately handle the compute scale while also meeting the DoD CC SRG IL5 requirements. Not only did AWS meet the Air Force’s needs, but the Air Force also experienced a 30% cost savings for storage costs.

Architect for Compliance in AWS GovCloud (US)

Cloud computing can help defense organizations increase innovation, efficiency, agility, and resiliency—all while reducing costs.

Learn how to architect for compliance in the AWS Cloud and see how your organization can leverage the agility, cost savings, scalability, and flexibility of the cloud, while meeting the most stringent regulatory and compliance requirements, including Federal Risk and Authorization Management Program (FedRAMP), ITAR, CJIS, HIPAA, and DoD SRG Levels 2, 4, and 5. Join us for the webinar and hear best practices and practical use cases for using AWS GovCloud (US) to comply with a variety of regulatory regimes.

This webinar helps DoD customers, partners, and systems integrators adopt cloud architecture best practices, so they can confidently and securely use AWS for storage, compute, database, Big Data, and other AWS services that offer flexibility and cost savings in the cloud. Register now.