AWS Security Blog

AWS GovCloud Earns DoD CSM Level 3-5 Provisional Authorization

I’m very excited to share that AWS has received the first ever U.S. Department of Defense (DoD) level 3-5 Provisional Authorization for the AWS GovCloud (US) region under the Defense Information Systems Agency’s (DISA) Cloud Security Model (CSM). AWS has been authorized for CSM levels 1-2 workloads for all US regions since March of this year. This new authorization allows DoD customers to conduct development and integration activities that are required to secure controlled unclassified information in AWS GovCloud at levels 3-5 of the CSM. Simply put, DoD agencies can now use AWS GovCloud’s compliant infrastructure for all but level 6 (classified) workloads.

Built on the foundation of the FedRAMP Program, the DoD CSM includes additional security controls specific to the DoD. The authorization sponsored by DISA will reduce the time necessary for DoD agencies to evaluate and authorize the use of AWS GovCloud. To learn more about the AWS DoD Authorizations, please visit the AWS DoD CSM FAQs page.

Our services are listed in the DoD Enterprise Cloud Service Broker (ECSB) catalog. DoD agencies can immediately request AWS DoD Provisional Authorization compliance support by submitting a Compliance Support Request to the AWS public sector sales and business development team. For more information on AWS security and compliance, please visit the AWS Security Center and the AWS Compliance Center.

– Chad Woolf, Director, AWS Risk & Compliance