AWS Services in Scope by Compliance Program

— Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 


This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

 

Click here for full list of services covered under the AWS compliance programs.


Services going through DoD CC SRG assessment and authorization will have the following status:

  • Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment
  • Defense Information Systems Agency (DISA) Review: This service is currently undergoing a DISA review

* Services not within the scope of DISA review. As such, DISA has issued neither an approval nor disapproval decision regarding this product under the DoD CC SRG. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent Mission Owner approval.
** Denotes the service is Impact Level 6 authorized, but not Generally Available (GA) in the region.

DoD CC SRG
SERVICES / PROGRAMS SDKs DoD CC SRG IL2 (East/West) DoD CC SRG IL2 (GovCloud) DoD CC SRG IL4 (GovCloud) DoD CC SRG IL5 (GovCloud) DoD CC SRG IL6 (AWS Secret Region)
Amazon API Gateway apigateway  
Amazon AppStream 2.0 appstream  
Amazon Athena** athena
Amazon Aurora MySQL  
Amazon Aurora PostgreSQL  
Amazon Bedrock   3PAO Assessment 3PAO Assessment      
Amazon Chime chime        
Amazon Chime SDK chime
identity-chime
media-pipelines-chime
messaging-chime
meetings-chime
voice-chime
 
Amazon Cloud Directory clouddirectory   
Amazon CloudFront [excludes content delivery through Amazon CloudFront Embedded Point of Presences] cloudfront        
Amazon CloudWatch cloudwatch
Amazon CloudWatch Logs logs
Amazon Cognito cognito-idp, cognito-identity, cognito-sync  
Amazon Comprehend comprehend  
Amazon Comprehend Medical comprehendmedical  
Amazon Connect [excludes Amazon Q in Connect, VoiceID, Outbound Campaigns, and GetMetricDataV2 API] connect  
Amazon Data Firehose firehose
Amazon Detective detective  
Amazon DevOps Guru          
Amazon DynamoDB dynamodb
Amazon EC2 Auto Scaling [feature of EC2] autoscaling
Amazon EC2 Image Builder imagebuilder
Amazon Elastic Block Store (EBS) ebs
Amazon Elastic Compute Cloud (EC2) ecs
Amazon Elastic Container Registry (ECR) ecr
Amazon Elastic Container Service (ECS) ecs
Amazon Elastic File System (EFS) efs
Amazon Elastic Kubernetes Service (EKS) eks
Amazon ElastiCache elasticache
Amazon Elastic MapReduce (EMR) elasticmapreduce
Amazon EventBridge events
Amazon FinSpace finspace        
Amazon Forecast amazonforecast        
Amazon FSx    
Amazon GuardDuty [excludes Runtime Monitoring and EKS Runtime Monitoring] guardduty  
Amazon Inspector inspector2      
Amazon Inspector Classic inspector  
Amazon Kendra kendra  
Amazon Keyspaces (for Apache Cassandra) keyspaces  
Amazon Kinesis Data Streams kinesis
Amazon Lex runtime.lex, models.lex  
Amazon Macie macie2        
Amazon Managed Service for Apache Flink [formerly Amazon Kinesis Data Analytics]    
Amazon Managed Streaming for Apache Kafka (Amazon MSK) kafka  
Amazon MemoryDB for Redis          
Amazon MQ mq  
Amazon Neptune neptune-db  
Amazon OpenSearch Service elasticsearchservice
Amazon Pinpoint mobiletargeting  
Amazon Polly polly  
Amazon Quantum Ledger Database (QLDB) qldb        
Amazon QuickSight quicksight  
Amazon RDS (MariaDB)  
Amazon RDS (MySQL)  
Amazon RDS (Oracle)  
Amazon RDS (Postgres)  
Amazon RDS (SQL Server)  
Amazon Redshift redshift
Amazon Rekognition rekognition  
Amazon Route 53 route53
Amazon S3 Glacier glacier
Amazon SageMaker [excludes Amazon SageMaker Studio Lab] sagemaker
Amazon Simple Email Service (SES) ses  
Amazon Simple Notification Service (SNS) sns
Amazon Simple Queue Service (SQS) sqs
Amazon Simple Storage Service (S3) s3
Amazon Simple Workflow Service (SWF) swf
Amazon Textract textract  
Amazon Timestream for LiveAnalytics timestream DISA Review DISA Review  
Amazon Transcribe transcribe  
Amazon Translate translate  
Amazon Virtual Private Cloud (VPC) ec2
Amazon WorkDocs workdocs        
Amazon WorkSpaces workspaces
Amazon WorkSpaces Web          
AWS Application Auto Scaling application-autoscaling  
AWS Application Migration Service (MGN)          
AWS App Mesh appmesh        
AWS Artifact*    
AWS Audit Manager auditmanager        
AWS Backup backup  
AWS Batch batch  
AWS Billing Conductor* billingconductor  
AWS Budgets* budgets  
AWS Certificate Manager (ACM) acm  
AWS Chatbot          
AWS Cloud9 cloud9        
AWS Cloud Map servicediscovery  
AWS CloudFormation cloudformation
AWS CloudHSM cloudhsm  
AWS CloudShell    
AWS CloudTrail cloudtrail
AWS CodeBuild codebuild  
AWS CodeCommit codecommit  
AWS CodeDeploy codedeploy
AWS CodePipeline codepipeline  
AWS Compute Optimizer     DISA Review DISA Review  
AWS Config config
AWS Control Tower controltower  
AWS Cost and Usage Reports*    
AWS Cost Explorer* ce  
AWS Database Migration Service (DMS) dms
AWS Data Pipeline datapipeline        
AWS DataSync datasync
AWS Diode      
AWS Direct Connect directconnect
AWS Directory Service ds
AWS Edge Hub*    
AWS Elastic Beanstalk elasticbeanstalk  
AWS Elastic Disaster Recovery (DRS)          
AWS Elemental MediaConvert mediaconvert  
AWS Elemental MediaLive          
AWS Fargate [feature of ECS]  
AWS Fargate [feature of EKS]          
AWS Fault Injection Service        
AWS Firewall Manager fms  
AWS Global Accelerator   3PAO Assessment        
AWS Glue glue  
AWS Glue DataBrew databrew DISA Review DISA Review  
AWS Ground Station groundstation        
AWS Health Dashboard health
AWS HealthLake          
AWS HealthOmics          
AWS Identity and Access Management (IAM) iam
AWS IAM Identity Center (successor to AWS Single Sign-On)      
AWS IoT Core iot  
AWS IoT Device Defender   DISA Review DISA Review  
AWS IoT Device Management iot  
AWS IoT Events    
AWS IoT Greengrass greengrass  
AWS IoT SiteWise      
AWS IoT TwinMaker     DISA Review DISA Review  
AWS Key Management Service (KMS) kms
AWS Lambda lambda
AWS License Manager license-manager
AWS Mainframe Modernization          
AWS Managed Services (AMS)    
AWS Management Console*    
AWS Marketplace*  
AWS Network Firewall network-firewall  
AWS Outposts (Software)** outposts
AWS Organizations organizations  
AWS Opsworks (Chef Automate and Puppet Enterprise)          
AWS Private Certificate Authority      
AWS PrivateLink [feature of VPC]  
AWS Resource Access Manager (AWS RAM) ram
AWS Resource Groups resource-groups  
AWS Secrets Manager secretsmanager
AWS Security Hub securityhub  
AWS Server Migration Service(SMS) sms  
AWS Serverless Application Repository serverlessrepo  
AWS Service Catalog servicecatalog  
AWS Service Quotas* servicequotas  
AWS Shield (Standard and Advanced) shield, DDoSProtection        
AWS Signer          
AWS Snowball snowball
AWS Snowball Edge   DISA Review DISA Review
AWS Snowmobile  
AWS Step Functions states
AWS Storage Gateway storagegateway  
AWS Systems Manager ssm
AWS Transfer Family transfer  
AWS Transit Gateway [feature of VPC]  
AWS Trusted Advisor  
AWS Web Application Firewall (WAF) wafv2  
AWS Web Application Firewall Classic (WAF Classic) waf-regional  
AWS Well-Architected Tool wellarchitected      
AWS Wickr wickr DISA Review DISA Review  
AWS X-Ray xray  
Elastic Load Balancing [feature of EC2] elasticloadbalancing
Network Load Balancer (NLB) [feature of Elastic Load Balancing]  
VM Import/Export [feature of EC2]  

*Services not within the scope of JAB review. As such, the JAB team has issued neither an approval nor disapproval decision regarding this product under FedRAMP. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent agency approval.  

Want More Information About Services in Scope?