Tag: fedramp

If you are a technology professional looking to understand how cloud security adheres to compliance requirements, attend our AWS Compliance Week webinar series on November 2-6. You will learn how to architect compliant, multi-region cloud environments, establish agile governance for regulated workloads, and use new AWS solutions to help accelerate compliance. Hear government and industry perspectives on achieving high compliance from the General Services Administration’s FedRAMP program management office, and customers Maxar, Salesforce, and Coalfire.

A new IDC whitepaper, sponsored by AWS, “How Government Agencies Meet Security and Compliance Requirements in the Cloud” examines why federal agencies are moving more systems and information to the cloud as a launching point for agency-wide IT modernization. The paper shares executive, legislative, and other government-wide initiatives influencing agencies to accelerate their cloud adoption plans, risks IT leaders face by delaying cloud migrations, and how secure, compliant cloud environments help agencies achieve compliance and security for their sensitive workloads.

Government agencies and public sector organizations need rapidly deployable and dependable security solutions to support their missions. In response to this need, AWS launched the Security Solutions for Government Workloads initiative under the Authority to Operate (ATO) on AWS Program. This initiative works with AWS Public Sector Partners, members of the AWS Partner Network (APN), to develop security solutions designed to meet the unique security and compliance requirements of public sector workloads.

Government agencies have accelerated their transition to the cloud over the last few years, and COVID-19 has accelerated the urgency and pace of that move. A benefit of moving to the cloud is increased security. But to realize this, new infrastructure must be implemented and managed correctly, using best practices and the right technologies. Working with our partners, AWS has helped dozens of solutions accelerate their FedRAMP authorizations. There are more than 100 FedRAMP-authorized solutions running on AWS.

This morning, vice president of AWS worldwide public sector Teresa Carlson kicked off the AWS Public Sector Summit Online. Teresa reflected on the challenging times during these past few months, shared key trends and lessons learned and spoke about AWS’s commitment to helping people around the world continue to deliver on their missions. In her keynote address, Teresa highlighted AWS customers’ impressive global efforts and how AWS is helping support those customers’ missions. She also shared the latest news and announcements, resources, and more. Here’s what you missed.

Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements for cryptographic modules that protect sensitive information. It is the current United States and Canadian government standard, and is applicable to systems that are required to be compliant with Federal Information Security Management Act (FISMA) or Federal Risk and Authorization Management Program (FedRAMP). In this blog, we demonstrate how to enable FIPS mode in Amazon Linux 2 and verify that unauthorized cryptographic functions are not being used in OpenSSL or the OpenSSH server.

Did you know AWS can help deliver an automated solution for creating the FedRAMP Integrated Inventory Workbook? This workbook needs to be updated and submitted to the FedRAMP Project Management Office (PMO) monthly for continuous monitoring. Automating this workbook saves manual work hours. Any customer going through the FedRAMP authorization process can leverage this workbook. Understand how to gather an inventory of AWS resources from AWS Config data to create the FedRAMP Integrated Inventory Workbook.

From November 4-8, Amazon Web Services (AWS) will host its first annual “AWS Compliance Week: Achieving Cloud Compliance and Security in the AWS Cloud” to help customers navigate and accelerate their cloud adoption plans for regulated workloads and sensitive data. The five-part, week-long webinar series will highlight how AWS GovCloud (US) Regions are purpose-built to help customers realize cloud benefits when working with Controlled Unclassified Information (CUI), defense data, export-controlled data, and criminal justice information (CJI).

Smartsheet, a cloud-based platform for work execution, recently announced Smartsheet Gov achieved a Federal Risk and Authorization Management Program (FedRAMP) Provisional Authority to Operate (P-ATO). Smartsheet Gov is a secure solution that enables federal agencies to organize and scale processes, streamline workflows, and automate repetitive yet critical tasks, built on Amazon Web Services (AWS) GovCloud (US). The Joint Authorization Board (JAB)-issued authorization enables U.S. federal government customers to increase their use of the Smartsheet Gov platform to help them modernize their IT missions. “By building on AWS GovCloud, Smartsheet and their government customers may host sensitive data and regulated workloads, while meeting stringent US government security and compliance requirements,” said Dave Levy, Vice President of U.S. Federal Government at AWS.

We announced the Authority to Operate (ATO) on AWS program, which provides resources to Independent Software Vendors (ISVs) who aspire to achieve a compliance authorization, such as FedRAMP, Defense Federal Acquisition Regulation Supplement (DFARS), Payment Card Industry (PCI), Criminal Justice Information Services (CJIS), and many other compliance programs.