AWS GovCloud (US) is an isolated AWS region designed to host sensitive data and regulated workloads in the cloud, helping customers support their U.S. government compliance requirements, including the International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud (US) is operated by employees who are vetted "U.S. Persons" and root account holders of AWS accounts must confirm they are U.S. Persons before being granted access credentials to the region.
AWS GovCloud (US) is available to U.S. government agencies and organizations in government-regulated industries, that meet GovCloud (US) requirements for access.
Click here to get started with AWS GovCloud (US).
FedRAMP is government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. AWS GovCloud (US) has received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) under the Federal Risk and Authorization Management Program (FedRAMP) High baseline.
The FedRAMP High baseline gives government agencies a streamlined process for using AWS GovCloud (US) for mission critical applications and regulated IT workloads. Customers can request access to the "Amazon Web Services - AWS GovCloud (US) Region" FedRAMP package by submitting a request on the Compliance Contact Us Request Form.
For the fastest path to an ATO, customers should access the AWS NIST Quick Start tools in the AWS GovCloud (US) Console and deploy FedRAMP High compliant architectures with the click of a button. Learn more.
What is FedRAMP High?
• FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
• The new FedRAMP High baseline is mapped to National Institute of Standards and Technology (NIST) security controls, and includes over 400 security measures.
• The FedRAMP High baseline applies to non-classified technology systems under the Federal Information Security Management Act (FISMA), with “High” characterized as if the loss of confidentiality, integrity, or availability of that data could be expected to have a severe or catastrophic effect on organizational operations, assets, or individuals.
Contact an AWS business representative to learn more about AWS GovCloud (US).
Learn about CSRA’s migration to AWS GovCloud (US) for the majority of their apps and most sensitive data. See how CSRA is leveraging its hands-on experience with AWS GovCloud (US) to better serve government customers with strict regulatory compliance needs, including FedRAMP High requirements. Read the Case Study and view the CSRA Summit session video.
After acquiring a series of Independent Power Producers (IPPs) and their IT assets, Talen Energy consolidated IT and fully migrated to AWS GovCloud (US), ensuring security while meeting NRC, FERC and 10 CFR 810 regulatory requirements. Read more.
For Oracle, SAP and Microsoft Windows applications, reliability is critical. Organizations have traditionally provisioned applicaitons for peak demand and disaster recovery scenarios, which often left IT resources idle or underutilized. With AWS, you can improve reliability with cloud backups and optimize costs by paying only for the cloud resources you use.
Many agencies are amassing large data sets that hold critical insights. With AWS, you can spin up massive on-demand clusters of compute resources in minutes and obtain the intelligence needed to meet your mission and better serve citizens.
As their volume of data continues to grow, organizations are struggling to add the capacity needed to meet their primary storage and backup requirements. With AWS, you can easily access durable and cost-effective cloud storage managed by US persons, meeting your data security requirements and scaling up or down as needed.
Web applications have unique scalability requirements, since usage is difficult to predict. With AWS, you can combine reserved IT resources for predictable workloads, with on-demand resources to handle unexpected spikes, lowering costs while optimizing performance.