AWS Public Sector Blog

Category: AWS GovCloud (US)

How to implement CNAP for federal and defense customers in AWS

In July 2021, the U.S. Department of Defense (DoD) released a cloud native access point (CNAP) reference design that follows zero trust architecture (ZTA) principles and provides a new approach to access mission owner (MO) applications. The DoD’s reference design discusses four core capabilities of CNAP: authenticated and authorized entities (C1), authorized ingress (C2), authorized egress (C3), and security monitoring and compliance enforcement (C4). In this blog post, we walk through how to establish the C2 component via a virtual internet access point (vIAP) with AWS. The proposed architectures can reduce operational cost and management overhead, while improving the accessibility, resiliency, and security of mission owner applications.


AWS GovCloud (US) or standard? Selecting the right AWS partition

This blog post explores the options US public sector customers and their business partners should evaluate when selecting an AWS partition. We discuss the differences between AWS GovCloud (US) and the AWS standard partition and how to decide which partition may be the best match for your organization’s security, compliance, and availability needs.


Move data in and out of AWS GovCloud (US) with Amazon S3

Increasingly, AWS customers are operating workloads both in AWS GovCloud (US) and standard AWS Regions. Dependencies between workloads, changing data controls, or enrichment of data across multiple data levels are examples of business needs that may require moving data in and out of AWS GovCloud (US). In this blog post, I explain how to move data between Amazon Simple Storage Service (Amazon S3) buckets in the AWS GovCloud (US) and standard partitions.


Move data in and out of AWS GovCloud (US) with AWS DataSync

As public sector customers find increasing need to move data between the AWS GovCloud (US) partition and the standard partition, they need tools to help them lower their operational burden. In this blog post, I walk through how to use AWS DataSync to move data on network file system (NFS) shares between the two partitions.


Announcing second AWS Top Secret Region, extending support for US government classified missions

AWS Top Secret-West is accredited to operate workloads at the Top Secret U.S. security classification level. The new Region adds multiple Availability Zones geographically separated from AWS Top Secret-East. With two Top Secret Regions, customers in the U.S. defense, intelligence, and national security communities can deploy multi-Region architectures to achieve the highest levels of resiliency and availability essential to their most critical national security missions.


10 years of government cloud innovation with AWS GovCloud (US)

Ten years ago, the federal government was only just beginning to adopt cloud computing services. In the early days, there were concerns about how much cloud services would cost and whether they’d be secure enough for sensitive government data. In listening to our government customers, we heard their concerns about cost and security. They also needed to innovate ahead of demand, and required a highly secure and compliant infrastructure to do it. That’s why we launched AWS GovCloud (US) in 2011.


Accelerate CMMC compliance with the AWS CMMC Customer Responsibility Matrix

AWS is launching the AWS Cybersecurity Maturity Model Certification (CMMC) Customer Responsibility Matrix (CRM). The AWS CMMC CRM reduces the level of effort required for CMMC compliance by providing customers a breakdown of the CMMC practices that they can inherit from AWS, and identifies CMMC practice roles and responsibilities when using the AWS Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US).


Analyze controlled unclassified data with SAS Viya EKS on AWS GovCloud (US)

SAS Viya is a highly available, cloud-native analytics platform. The latest version of SAS Viya on Amazon Elastic Kubernetes Service (Amazon EKS) allows customers to receive all of Kubernetes’ advantages without the trouble of maintaining their own Kubernetes infrastructure. Customers also inherit AWS compliance controls, which can accelerate the journey to achieving FedRAMP authority to operate (ATO) in AWS US Regions. In this post, we show the key components of the SAS Viya architecture along with its core features to help customers on their journey to the cloud.


AWS Hybrid Connectivity: Sharing AWS Direct Connect with AWS GovCloud (US) and commercial Regions

To establish network connectivity between on-premises data centers, branch locations, and cloud resources, organizations use a hybrid network. This technical walkthrough explains how to implement hybrid connectivity from your premises to AWS GovCloud (US) and commercial AWS Regions using a dedicated private network connection provided by AWS Direct Connect (DX).


How to accelerate CMMC compliance with the new AWS Compliant Framework

The AWS Compliant Framework is an automated solution designed to help customers reduce the time to set up an environment for running secure and scalable workloads while implementing an initial security baseline that meets US federal government standards. The solution was designed to address the requirements for deploying DoD CMMC and DoD Cloud Computing Security Requirements Guide compliant environments.
