AWS Public Sector Blog

Get started on your path to an ATO

Authority to Operate (ATO) on AWS is an AWS Partner Network (APN) program, which provides resources to solution providers running on AWS who need assistance in their pursuit of a compliance authorization. This includes the Federal Risk and Authorization Management Program (FedRAMP), Defense Federal Acquisition Regulation Supplement (DFARS), Payment Card Industry Data Security Standard (PCI DSS), Criminal Justice Information Services (CJIS), and many other compliance programs.

What is ATO on AWS?

ATO on AWS is a set of resources including automations, templates, and best practices that help solution providers running on AWS accelerate the security and compliance authorization processes, reducing the time and costs it takes to achieve an ATO (such as FedRAMP or CJIS).

This is achieved by providing resources that help solution providers build, implement, and optimize DevOps, SecOps, Continuous Integration/Continuous Delivery (CI/CD), Continuous Risk Treatment (CRT) strategies and processes for their organization. Additionally, ATO on AWS provides access to managed solutions that minimize the level of effort required to achieve such authorizations.

The program consists of:

  • A community of validated APN Consulting Partners and solutions from APN Technology Partners that are proven to be effective in helping solution providers meet and maintain regulatory compliance requirements. These organizations must meet the qualifications defined by the program and are verified by AWS program administrators.
  • Community-developed and verified resources, templates, tools, and guidance that help simplify the development of compliant infrastructure, provide a more consistent operating environment, and reduce the time and costs of achieving and maintaining a compliant infrastructure.
  • Support and guidance from AWS security and compliance strategists.

Through expertise, formal resources, and programmatic support, the ATO on AWS program supports solution providers who develop tools and workloads for customers that must adhere to stringent security and compliance regulations. The ATO on AWS Security Automation and Orchestration (SAO) framework was developed to unify development, operations, security, and compliance.

Get started on your path to an ATO!

Solution providers interested in achieving a compliance authorization, visit or contact for more information.

APN Consulting and Technology Partners who are interested in joining our community of supporting partner organizations, visit or contact

AWS Public Sector Blog Team

AWS Public Sector Blog Team

The Amazon Web Services (AWS) Public Sector Blog team writes for the government, education, and nonprofit sector around the globe. Learn more about AWS for the public sector by visiting our website (, or following us on Twitter (@AWS_gov, @AWS_edu, and @AWS_Nonprofits).