AWS Public Sector Blog

Meeting DFARS Requirements with AWS

A growing number of military customers are adopting AWS’s utility-based cloud services to process, store, and transmit all types of unclassified Department of Defense (DoD) data. AWS enables DoD and its contractors to leverage the secure AWS environment to meet critical mission needs in supporting the security and welfare of our country.

Strengthening our commitment to the DoD, AWS services allow customers to fully comply with the Defense Federal Acquisition Regulation Supplement (DFARS) regulations governing the safeguarding of DoD data, including data in the cloud. This includes the DFARS provision governing “Covered Defense Information” under DFARS 252.204.7012 (“Safeguarding Covered Defense Information and Cyber Incident Reporting”) as well as “Government data” under DFARS 252.239.7010 (“Cloud Computing Services”).

As an AWS customer deploying an application on the AWS infrastructure, you fully inherit the security controls pertaining to our physical, environmental, and media protection controls, and no longer need to provide a detailed description as to how you comply with these control families. The remaining DoD Risk Management Framework (RMF) controls are shared between AWS and its customers, as each organization retains responsibility for implementation of these controls within their portion of the shared IT security model.

AWS customers also inherit all the benefits of our experience, including the best practices of our security policies, architecture, and operational processes proven to meet the strict standards and compliance requirements of third-party assurance frameworks.

In supporting DFARS requirements, we work with customers and their assessors to assist in the planning, deploying, certifying, and accrediting of customer DoD workloads running on AWS. Mission owners have the tools, like AWS CloudTrail and Amazon CloudWatch, to help improve their own compliance oversight with the services and features made available by AWS.

With AWS, you can also leverage security investments you have already made by working with technology partners you know and trust, using highly vetted solutions from our Marketplace and Partner Network.

Learn practical guidance on how DoD and defense contracting organizations can meet DFARS requirements using AWS GovCloud (US) in this video here. And visit our AWS Cloud Compliance page to learn more.

AWS Public Sector Blog Team

AWS Public Sector Blog Team

The Amazon Web Services (AWS) Public Sector Blog team writes for the government, education, and nonprofit sector around the globe. Learn more about AWS for the public sector by visiting our website (, or following us on Twitter (@AWS_gov, @AWS_edu, and @AWS_Nonprofits).