AWS Public Sector Blog

Amazon Web Services Achieves FedRAMP High Authorization

We are pleased to announce that AWS GovCloud (US) has received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) under the Federal Risk and Authorization Management Program (FedRAMP) High baseline, a standardized set of security requirements for cloud services. AWS is one of the first cloud service providers (CSP) to meet the FedRAMP High baseline, which includes over 400 security controls, and gives U.S. government agencies the ability to leverage the AWS Cloud for highly sensitive workloads, including Personal Identifiable Information (PII), sensitive patient records, financial data, law enforcement data, and other Controlled Unclassified Information (CUI).

Compliance without compromise is possible with AWS GovCloud (US) and this recognition validates AWS GovCloud (US) as a secure environment to run highly sensitive government workloads.

“We are pleased to have achieved the FedRAMP High baseline, giving agencies a simplified path to moving their highly sensitive workloads to AWS so they can immediately begin taking advantage of the cloud’s agility and cost savings,” said Teresa Carlson, Vice President Worldwide Public Sector, AWS. “Over 2,300 government customers across the world are using the AWS Cloud to innovate in amazing ways – from analyzing data on social media to collect information on adverse drug effects, to making genomic data publicly accessible, to collecting images from Mars. By demonstrating the security of the AWS Cloud with the FedRAMP High baseline, agencies can confidently use our services for an even broader set of critical mission applications and innovations.”

What is FedRAMP High?

  • FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
  • The new FedRAMP High baseline applies to non-classified technology systems under the Federal Information Security Management Act (FISMA), with “High” characterized as if the loss of confidentiality, integrity, or availability of that data could be expected to have a severe or catastrophic effect on organizational operations, assets, or individuals. For example, these more sensitive workloads may include sensitive patient records, financial data, or law enforcement data.

This authorization continues AWS’s leadership in attaining security and compliance certifications, and applies to the AWS GovCloud (US) Region, including Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), Amazon Identity and Access Management (IAM), and Amazon Elastic Block Store (EBS). Launched in 2011, the AWS GovCloud (US) is an isolated region designed to host sensitive workloads in the cloud. In addition to FedRAMP, AWS GovCloud (US) adheres to U.S. International Traffic in Arms Regulations (ITAR), Criminal Justice Information Services (CJIS) requirements, as well as Levels 2 and 4 for DoD systems.

Address your most stringent regulatory and compliance requirements while meeting your mission with the AWS GovCloud (US). To learn more about the AWS and FedRAMP compliance, please visit

Register now for our webinar, “FedRAMP High & AWS GovCloud (US): Meet FISMA High Requirements in the Cloud,” to learn more about how you can architect solutions in compliance with the FedRAMP High Baseline, ITAR, HIPAA, and the DoD Cloud Computing Security Requirements Guide (SRG) Levels 2 and 4.

AWS Public Sector Blog Team

AWS Public Sector Blog Team

The Amazon Web Services (AWS) Public Sector Blog team writes for the government, education, and nonprofit sector around the globe. Learn more about AWS for the public sector by visiting our website (, or following us on Twitter (@AWS_gov, @AWS_edu, and @AWS_Nonprofits).