AWS Security Blog

AWS Architecture and Security Recommendations for FedRAMP Compliance

Some of the most common compliance-related requests we receive from our customers are for a reference architecture: a template for how to build your infrastructure in the cloud. These requests reflect how some people learn new concepts: reference architecture visualizations can help to clarify subject matter.

In order to clarify how you can use AWS functionality to meet the federal government’s security control requirements, we have published a whitepaper called AWS Architecture and Security Recommendations for FedRAMP Compliance. This whitepaper provides security recommendations for a variety of common use cases. It contains examples that can show you how to satisfy NIST controls by using a broad array of security functionality provided by AWS. If you are a federal customer, this reference architecture enables you to better understand how to accelerate your adoption of the cloud by building secure applications that also comply with federal agency guidelines.

The sample reference architecture contained in this whitepaper includes:

  • Baking AMIs
  • Bootstrapping
  • Cutting Over by Trickle Testing

AWS attained authorization under the FedRAMP℠ program in 2013 for all domestic regions. As a result of this authorization, many federal customers have transitioned their applications to AWS to better position themselves to realize the benefits of the cloud.

We look forward to hearing how you are using the reference architecture and the ways we can improve it. Please contact us for questions about meeting your compliance requirements in the cloud.

Also, refer to these related links:

– Chad Woolf, Director, AWS Risk and Compliance