AWS Security Blog
AWS achieves FedRAMP P-ATO for 15 services in the AWS US East/West and AWS GovCloud (US) Regions
AWS is pleased to announce that 15 additional AWS services have achieved Provisional Authority to Operate (P-ATO) from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB).
AWS is continually expanding the scope of our compliance programs to help customers use authorized services for sensitive and regulated workloads. AWS now offers 111 AWS services authorized in the AWS US East/West Regions under FedRAMP Moderate Authorization, and 91 services authorized in the AWS GovCloud (US) Regions under FedRAMP High Authorization.
Descriptions of AWS Services now in FedRAMP P-ATO
These additional AWS services now provide the following capabilities for the U.S. federal government and customers with regulated workloads:
- Amazon Detective simplifies analyzing, investigating, and quickly identifying the root cause of potential security issues or suspicious activities. Amazon Detective automatically collects log data from your AWS resources, and uses machine learning, statistical analysis, and graph theory to build a linked set of data enabling you to easily conduct faster and more efficient security investigations.
- Amazon FSx for Lustre provides fully managed shared storage with the scalability and performance of the popular Lustre file system.
- Amazon FSx for Windows File Server provides fully managed shared storage built on Windows Server, and delivers a wide range of data access, data management, and administrative capabilities.
- Amazon Kendra is an intelligent search service powered by machine learning (ML).
- Amazon Keyspaces (for Apache Cassandra) is a scalable, highly available, and managed Apache Cassandra-compatible database service.
- Amazon Lex is an AWS service for building conversational interfaces into applications using voice and text.
- Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
- Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that simplifies setting up and operating message brokers on AWS.
- AWS CloudHSM is a cloud-based hardware security module (HSM) that lets you generate and use your own encryption keys on the AWS Cloud.
- AWS Cloud Map is a cloud resource discovery service. With Cloud Map, you can define custom names for your application resources, and CloudMap maintains the updated location of these dynamically changing resources.
- AWS Glue DataBrew is a new visual data preparation tool that lets data analysts and data scientists quickly clean and normalize data to prepare it for analytics and machine learning.
- AWS Outposts (hardware excluded) is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises. By providing local access to AWS managed infrastructure, AWS Outposts enables you to build and run applications on premises using the same programming interfaces used in AWS Regions, while using local compute and storage resources for lower latency and local data processing needs.
- AWS Resource Groups grants you the ability to organize your AWS resources, managing and automating tasks for large numbers of resources at the same time.
- AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. After an initial assessment, a Snowmobile will be transported to your data center and AWS personnel will configure it so it can be accessed as a network storage target. After you load your data, the Snowmobile is driven back to an AWS regional data center, where AWS imports the data into Amazon Simple Storage Service (Amazon S3).
- AWS Transfer Family securely scales your recurring business-to-business file transfers to Amazon S3 and Amazon Elastic File System (Amazon EFS) using SFTP, FTPS, and FTP protocols.
The following services are now listed on the FedRAMP Marketplace and the AWS Services in Scope by Compliance Program page.
Service authorizations by Region
Service | FedRAMP Moderate in AWS US East/West | FedRAMP High in AWS GovCloud (US) |
Amazon Detective | ✓ | |
Amazon FSx for Lustre | ✓ | ✓ |
Amazon FSx for Windows File Server | ✓ | ✓ |
Amazon Kendra | ✓ | |
Amazon Keyspaces (for Apache Cassandra) | ✓ | |
Amazon Lex | ✓ | |
Amazon Macie | ✓ | |
Amazon MQ | ✓ | |
AWS CloudHSM | ✓ | |
AWS Cloud Map | ✓ | |
AWS Glue DataBrew | ✓ | |
AWS Outposts | ✓ | ✓ |
AWS Resource Groups | ✓ | |
AWS Snowmobile | ✓ | |
AWS Transfer Family | ✓ | ✓ |
To learn what other public sector customers are doing on AWS, see our Government, Education, and Nonprofits Case Studies and Customer Success Stories. Stay tuned for future updates on our Services in Scope by Compliance Program page. Let us know how this post will help your mission by reaching out to your AWS Account Team. Lastly, if you have feedback about this blog post, let us know in the Comments section.
Want more AWS Security news? Follow us on Twitter.