The AWS cloud provides scalable, cost-efficient solutions for the US Federal Government. Our cloud services can be employed to meet mandates, reduce costs, drive efficiencies, and increase innovation across Civilian agencies and the Department of Defense. It is a pay-as-you-go model, delivering access to up-to-date technology resources that are managed by experts. Simply access AWS services over the internet, with no upfront costs (no capital investment), and pay only for the computing resources that you use, as your needs scale.
U.S. government agencies can evaluate AWS GovCloud (US) for their applications and workloads, complete their own authorizations to use AWS, and deploy systems into the AWS environment. Customers can immediately request access to the "Amazon Web Services - AWS GovCloud (US) Region" FedRAMP package by submitting a request on the Compliance Contact Us Request Form or by submitting a request through the FedRAMP Program Management Office.
AWS GovCloud (US) has been granted a Joint Authorization Board Provisional Authority-To-Operate (JAB P-ATO) and multiple Agency Authorizations (A-ATO) for high impact level. The services in scope of the AWS GovCloud (US) JAB P-ATO boundary at high baseline security categorization can be found within AWS Services in Scope by Compliance Program. For a complete list of authorizing agencies who have issued an ATO on AWS GovCloud (US), please visit FedRAMP Compliant Systems.
Workloads that are appropriate for the AWS GovCloud (US) Region include all categories of Controlled Unclassified Information (CUI), including ITAR, as well as government-oriented publicly available data. Because the AWS GovCloud (US) Region is physically and logically accessible by US persons only and also supports FIPS 140-2 compliant endpoints, customers can manage more heavily regulated data in AWS while remaining compliant with federal requirements.
The AWS GovCloud (US) Region is an AWS Region designed to address the specific regulatory needs of United States government agencies, education entities, and other customers and partners.
The Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) provides a formalized assessment and authorization process for cloud service providers (CSPs) to gain a DoD Provisional Authorization, which can subsequently be leveraged by DoD customers. A Provisional Authorization under the SRG provides a reusable certification that attests to our compliance with DoD standards, reducing the time necessary for a DoD mission owner to assess and authorize their systems and workloads for operation on AWS.
Additional information on the SRG, including the full definition of the security control baselines defined for Levels 2 and 4, can be found here.
AWS recognizes that when law enforcement places data in the cloud it puts an absolute priority on timely and secure access to information, wherever and whenever it is needed. To meet these needs, the AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available for storing criminal justice information. Our architecture provides an extremely scalable, highly reliable platform enabling customers to deploy applications and data quickly and securely in support of a wide variety of security and regulatory requirements, to include Criminal Justice Information Services (CJIS) workloads according to the CJIS Security Policy.
In the spirit of a shared responsibility philosophy, AWS has created a Criminal Justice Information Services (CJIS) Workbook in a security plan template format aligned to the CJIS Policy Areas. This Workbook is intended to support our partners in documenting their alignment to CJIS security requirements. Furthermore, the template provides our partners and customer agencies a systematic approach to documenting their implementation of CJIS security requirements for review and authorization. The workbook provides an overview of CJIS, AWS and AWS services, and the AWS/Customer applicability of CJIS requirements and is available for download here.
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. AWS has two separate FedRAMP Agency ATOs in the FedRAMP Repository; one ATO applicable to the AWS US East/West regions, and the other applicable to the AWS GovCloud (US) Region. AWS US East/West is a multi-tenant public cloud for federal, state, and local government customers, as well as enterprise customers, and is designed to meet a wide range of regulatory requirements, including government compliance and security requirements. AWS GovCloud (US) is an AWS Region designed to allow US government agencies, contractors and customers to move more sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements, such as ITAR, which governs how organizations manage and store defense-related data. Additional information is available at AWS GovCloud (US) Region.
Agencies and federal contractors can immediately request access to the AWS HHS ATO packages by submitting a FedRAMP Package Access Request Form for the "Amazon Web Services - AWS GovCloud (US) Region" with package ID "AGENCYAMAZONGC" and the "Amazon Web Services - US East/West Region" with package ID "AGENCYAMAZONEW". Additional information on FedRAMP, including the FedRAMP Concept of Operations (CONOPS) and Guide to Understanding FedRAMP, can be found at http://cloud.cio.gov/fedramp.
Services in Scope
The following services are in the accreditation boundary for the regions stated:
Amazon Redshift: Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse service that makes it simple and cost-effective to efficiently analyze all your data using your existing business intelligence tools.
Amazon Elastic Compute Cloud (Amazon EC2): Amazon EC2 provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.
Amazon Simple Storage Service (S3): Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web.
Amazon Virtual Private Cloud (VPC): Amazon VPC provides the ability for you to provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define.
Amazon Elastic Block Store (EBS): Amazon EBS provides highly available, highly reliable, predictable storage volumes that can be attached to a running Amazon EC2 instance and exposed as a device within the instance.
AWS Identity and Access Management (IAM): IAM enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources.
To provide end-to-end security and end-to-end privacy, AWS builds services in accordance with customer mandates and security best practices, provides appropriate security features in those services, and documents how to use those features.
The AWS cloud infrastructure has been designed and managed in alignment with regulations, standards, and best practices including:
Read more about AWS Compliance & Assurance Programs.
The AWS Partner Network
The AWS Partner Network is made up of a strong and growing community of companies that offer a wide range of products and services on the AWS platform. To find the type of AWS Partner that meets your needs, use the search criteria in this directory to refine your search.