AWS Security Blog

AWS Granted Authority to Operate for Department of Commerce and NOAA

AWS already has a number of federal agencies onboarded to the cloud, including the Department of Energy, The Department of the Interior, and NASA. Today we are pleased to announce the addition of two more ATOs (authority to operate) for the Department of Commerce (DOC) and the National Oceanic and Atmospheric Administration (NOAA). Specifically, the DOC will be utilizing AWS for their Commerce Data Service, and NOAA will be leveraging the cloud for their “Big Data Project.” According to NOAA, the goal of the Big Data Project is to “create a sustainable, market-driven ecosystem that lowers the cost barrier to data publication. This project will create a new economic space for growth and job creation while providing the public far greater access to the data created with its tax dollars.”

Steve Cooper, US DOC Chief Information Officer, and Tyrone Grandison, US DOC Deputy Chief Data Officer, announced this pair of authorizations on the US DOC’s  website earlier this week. According to both officers, the authorizations are “a great milestone for the Department and will be a catalyst for future data products and services that we create for the American people”. The ATOs are applicable to the AWS GovCloud, AWS East, and AWS West Regions.

Under the 2011 Federal Cloud Computing Strategy document, agencies have been encouraged to operate under a “cloud first” approach. This strategy document estimates that a full quarter of the United States’ $80 billion dollar IT budget could be a target for leveraging providers such as AWS to migrate to the cloud. Furthermore, the strategy outlined a critical set of criteria when considering a move to the cloud, including:

  • Statutory compliance.
  • Privacy and confidentiality.
  • Data integrity.
  • Data controls and access policies.
  • Governance controls.

The announcement of these latest ATOs was based upon the governmental organization’s desire to “to capitalize on its cost savings, availability improvements, energy efficiencies, system agility, centralized security management, and increased reliability.” For more details, see the official announcement.

If you have additional questions, please contact us, or if you would like to learn more about compliance in the AWS Cloud, see our AWS Cloud Compliance page.


Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.