AWS Public Sector Blog

Announcing ATO on AWS

Today, we announced the Authority to Operate (ATO) on AWS program, which provides resources to Independent Software Vendors (ISVs) who aspire to achieve a compliance authorization, such as FedRAMP, Defense Federal Acquisition Regulation Supplement (DFARS), Payment Card Industry (PCI), Criminal Justice Information Services (CJIS), and many other compliance programs.

Security and compliance are primary considerations for many of our customers as they begin their cloud journey. Government customers can face obstacles and challenges using commercially available solutions today that may not be authorized. Solution providers also can have issues achieving authorizations due to complexity, time, and cost. This can limit customers in executing their missions.

To date, 56 third-party solutions have achieved a FedRAMP ATO in AWS Regions, and there are 209 individual FedRAMP authorizations for solutions in AWS. We are working to significantly increase the number of future authorizations by reducing the time and costs required for the process. To achieve this, we are launching “ATO on AWS.”

Breaking down ATO on AWS

ATO on AWS is a partner-driven process that includes training, tools, pre-built CloudFormation templates, control implementation details, and pre-built artifacts. Additionally, customers are able to access direct engagement and guidance from AWS compliance specialists and support from expert AWS consulting and technology partners who are a part of our Security Automation and Orchestration (SAO) initiative, including GitHub, Yubico, RedHat, Splunk, Allgress, Puppet, Trend Micro, Telos, CloudCheckr, Saint, Center for Internet Security (CIS), OKTA, Barracuda, Anitian, Kratos, and Coalfire.

For example, Smartsheet, an APN partner, used many of the tools available through the ATO on AWS program, as well as expertise from Anitian, Kratos, GitHub, CIS, Yubico, Trend Micro, Puppet, Saint, Sherlock, Barracuda, and Coalfire in their particular areas of focus to go from having no presence in AWS GovCloud (US) to FedRAMP compliant in less than 90 days.

APN Partners

We are also collaborating with AWS Partner Network (APN) Partners to develop additional programs aimed at helping ISVs achieve an ATO more efficiently. For example, Telos and Rackspace will be launching a three-step FedRAMP program, which includes training, a gap analysis, and help for ISVs to build, document, and manage a FedRAMP-compliant AWS infrastructure.

Such APN partner solutions will enable us to address the broad needs and unique compliance requirements encountered by solution providers in regulated markets, so they can rapidly realize the many benefits of the cloud.

Get started on your path to ATO

To get started on your own ATO, contact the AWS partner team at ATOonAWS@amazon.com.