AWS Public Sector Blog

Cloud Security Built for Government Missions

Cloud technology continues to be a major catalyst in how the federal government can achieve operational efficiencies and innovate on demand to advance their mission. Many government agencies, including the Department of Defense (DoD) and other agencies with mission-critical workloads, are using AWS’s utility-based cloud offerings to process, store, and transmit federal government data. As evidenced by the full range of our Authorizations-To-Operate, third-party attestations, and certifications, the AWS Cloud provides government customers with the only one-stop shop to handle Public, For Official Use Only (FOUO), Sensitive, Secret, and Top Secret workloads.

Our innovation is driven by the demands of millions of customers – ranging from individuals to the world’s largest companies and governments. Just as our customers have influenced our achievements, they also influence where we go next.

Full range of classification workloads on AWS

AWS is the first and only commercial cloud provider to offer regions to serve government workloads across the full range of data classifications.

In August 2011, AWS became the first cloud provider to announce a cloud that meets the needs of the U.S. government and other highly regulated industries, AWS GovCloud (US). In May 2013, AWS became the first major cloud provider to achieve the US government’s FedRAMP compliance standard, and in June 2016, AWS became the first to be granted authorization for FedRAMP High workloads. Then, AWS achieved authorization for DoD SRG Impact Level 5 workloads, including National Security Systems in September 2017. With the recent launch of the AWS Secret Region, AWS became the first commercial cloud provider to launch a region dedicated to run U.S government workloads that require some of the highest protections and safeguards.

By serving the entire spectrum of the U.S. government’s data requirements, AWS enables federal agencies, military organizations, and their contractors to leverage the secure AWS environments.

Security and Compliance – Why it Matters

All federal government agencies, including the DoD, are required to adhere to certain compliance requirements. These requirements are meant to inject consistency and confidence in the security of a cloud provider solution. However, not all Cloud Service Providers (CSPs) are equal.

To enable extremely high security levels for our customers, AWS employs a robust set of security technologies and practices, including encryption and access control features that exceed government security requirements. These controls have resulted in AWS’s alignment and compliance with the U.S. government’s security and control requirements contained within FedRAMP and DoD SRG. This means that when a customer deploys an application on the AWS infrastructure, they fully inherit the security controls pertaining to the AWS physical, environmental, and media protection controls that serve as the basis for our FedRAMP and DoD SRG compliance. This allows customers to focus on innovation and solution building, and not on the underlying security compliance of the infrastructure.

Our government customers are quickly realizing that migrating to the AWS Cloud is an opportunity to improve their level of security assurance and reduce operational risk.

Regarding partnering with AWS, “It’s the best decision we ever made, it’s the most innovative thing we’ve ever done. It is making a material difference and having a material impact on both the CIA and the IC,” said John G. Edwards, Chief Information Officer, CIA, at the 2017 AWS Public Sector Summit in Washington, DC.

Choosing the Right Cloud

Accreditations outline an important set of requirements and provide a level of comfort to customers. However, security is only one element of choosing the right cloud. When a customer migrates to AWS, they also immediately benefit from a global infrastructure built like no other in the world, which is constantly being iterated upon to bring better functions, capabilities, and security.

AWS also provides customers with an unmatched catalog of services and solutions that represents more functionality than anybody else, as well as a larger, more mature community of service providers, software developers, software solutions, and systems integrators through the AWS Partner Network (APN).

Learn more about the evolution of cloud and how AWS allows customers to scale and innovate, while still maintaining a secure environment.

AWS Public Sector Blog Team

AWS Public Sector Blog Team

The Amazon Web Services (AWS) Public Sector Blog team writes for the government, education, and nonprofit sector around the globe. Learn more about AWS for the public sector by visiting our website (https://aws.amazon.com/government-education/), or following us on Twitter (@AWS_gov, @AWS_edu, and @AWS_Nonprofits).