AWS Public Sector Blog

Tag: federal government

Open for registration: Cloud Audit Academy for Federal and DoD Workloads in AWS

AWS announced the launch of the Cloud Audit Academy (CAA) for Federal and DoD Workloads (FDW) in AWS. This is a two-day accelerated training course to educate customers on how to leverage AWS services to assist with US Federal and Department of Defense (DoD) security and compliance requirements. This training course also qualifies for 12 hours of continuing professional education (CPE). Register at no cost today.

Booz Allen speeds migration and reduces costs for a US government agency with the AWS Migration Acceleration Program (MAP)

Moving sensitive US government data to the cloud requires the meticulous application of a proven migration methodology, skilled resources, a robust solution, and a mature logistics model. A US government agency elected to move its Security and Information Event Management (SIEM) system from a virtualized, on-premise environment to the AWS Cloud. AWS Partner Booz Allen performed the migration and used the AWS Migration Acceleration Program (MAP) and AWS Snow Family of devices as mechanisms to help the customer save time, reduce costs, and increase their agility to develop new features for their constituents.

How the latest FBI CJIS Security Policy updates help you control your criminal justice information

The recent Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy update contains important cloud computing language that aligns with the AWS approach to building CJIS compliant solutions. Learn more about the CJIS Security Policy changes and how AWS supports these new policies.

Addressing federal record retention in mobile device messaging

Virtually all federal, state, and local government agencies are subject to various data retention and records management policies, regulations, and laws. AWS Wickr provides federal agencies with an innovative solution that can help them build public trust by protecting sensitive communications, while supporting the capture and management of records.  

What US federal customers need to know about memorandum M-21-31

The US Office of Management and Budget published M-21-31, a memorandum for federal government agencies to define event logging requirements related to cybersecurity incidents. These guidelines aim to support the detection, investigation, and remediation of cyber incidents on federal information systems. The memorandum defines various event logging (EL) tiers and the log data that must be captured for various log categories. Learn the services from AWS that have been called out explicitly in the memorandum for logging and retention requirements at the EL1 level, and the resources you can use to set up these services to capture the required log data.

AWS announces low-to-no cost security services for federal political campaigns and committees

It is essential for election campaigns and committees to have access to the latest security services so they can mitigate risks against security threats at minimal cost. To support this, AWS is collaborating with Defending Digital Campaigns (DDC) to offer more than 20 cybersecurity-related AWS services for low-to-no cost to all active and registered national party committees and federal candidate committees for the US House and US Senate midterm elections that are eligible in accordance with DDC and Federal Election Commission (FEC) criteria.

How to improve government customer experience by building a modern serverless web application in AWS GovCloud (US)

Modern applications built using microservices architectures improve customer experience by dramatically reducing the risk of failures in a web application. In this blog post, we present a sample AWS reference architecture of a microservices application built using an architecture framework based in AWS GovCloud (US), which can help support adherence to a Federal Risk and Authorization Management Program (FedRAMP) High Baseline.

How the US DOJ Tax Division built a remote telework application in six weeks with AWS

In mid-February of 2022, the US federal government began planning the return-to-office after the COVID-19 pandemic. The US Department of Justice (DOJ) Tax Division needed to quickly build and launch a telework authorization application by April 1, which would help their more than 500 attorneys, paralegals, and administrative personnel request a hybrid work arrangement—all while keeping sensitive information compliant and secure. To do this, the DOJ Tax Division worked with AWS to build an enterprise-level telework approval application in less than two months, before the Division’s re-entry in mid-April of 2022.

Get no-cost, in-person training and hands-on help at the AWS Federal Learning Days

From September 12-15, AWS will hold AWS Federal Learning Days at our HQ2 location in Arlington, VA. Built for a range of federal customers, from mission owners to cloud technical experts to IT managers, AWS Federal Learning days can help you improve your cloud knowledge and learn new ways to achieve your mission outcomes. Whether you’re a cloud expert or just beginning your journey, the daily AWS training sessions at the AWS Federal Learning Days will cover a range of technical and mission-oriented topics to help hone your skills.

How to implement CNAP for federal and defense customers in AWS

In July 2021, the U.S. Department of Defense (DoD) released a cloud native access point (CNAP) reference design that follows zero trust architecture (ZTA) principles and provides a new approach to access mission owner (MO) applications. The DoD’s reference design discusses four core capabilities of CNAP: authenticated and authorized entities (C1), authorized ingress (C2), authorized egress (C3), and security monitoring and compliance enforcement (C4). In this blog post, we walk through how to establish the C2 component via a virtual internet access point (vIAP) with AWS. The proposed architectures can reduce operational cost and management overhead, while improving the accessibility, resiliency, and security of mission owner applications.