Tag: ATO on AWS

Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements for cryptographic modules that protect sensitive information. It is the current United States and Canadian government standard, and is applicable to systems that are required to be compliant with Federal Information Security Management Act (FISMA) or Federal Risk and Authorization Management Program (FedRAMP). In this blog, we demonstrate how to enable FIPS mode in Amazon Linux 2 and verify that unauthorized cryptographic functions are not being used in OpenSSL or the OpenSSH server.

Authority to Operate (ATO) on AWS is an AWS Partner Network (APN) program, which provides resources to solution providers running on AWS who need assistance in their pursuit of a compliance authorization. This includes the Federal Risk and Authorization Management Program (FedRAMP), Defense Federal Acquisition Regulation Supplement (DFARS), Payment Card Industry Data Security Standard (PCI DSS), Criminal Justice Information Services (CJIS), and many other compliance programs.

We announced the Authority to Operate (ATO) on AWS program, which provides resources to Independent Software Vendors (ISVs) who aspire to achieve a compliance authorization, such as FedRAMP, Defense Federal Acquisition Regulation Supplement (DFARS), Payment Card Industry (PCI), Criminal Justice Information Services (CJIS), and many other compliance programs.