In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with customer mandates, security best practices, provides appropriate security features in those services, and documents how to use those features. See all AWS security services offered in AWS GovCloud (US) Regions here.

AWS cloud infrastructure has been designed and managed in alignment with regulations, standards, and best-practices including:

For information regarding the Department of Defense Cloud Security Model, see the frequently asked questions.

Read more about AWS Compliance & Assurance Programs. Customers can immediately request access to the "Amazon Web Services - AWS GovCloud (US) Region" FedRAMP package by submitting a request on the Compliance Contact Us Request Form

Delivering a secure cloud computing platform involves implementing numerous best practices for on-premise infrastructure as well as a host of additional considerations unique to a hosted infrastructure environment. The Amazon Web Services: Overview of Security Processes whitepaper will provide background information and an overview of the AWS philosophy in offering a secure cloud computing platform.

Amazon Web Services strives to provide a robust and trustworthy platform for our customers. We take security very seriously and continually monitor our services for suspected attack. We also understand that security is a partnership between us and our customers. A critical phase of any secure application deployment involves testing applications for potential vulnerabilities.

AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval. Please ensure that these activities are aligned with the policy set out below. Note: Customers are not permitted to conduct any security assessments of AWS infrastructure, or the AWS services themselves. If you discover a security issue within any AWS services in the course of your security assessment, please contact AWS Security immediately.

The full policy can be viewed on the Security Testing page. If you have questions about vulnerability or penetration testing, contact: