AWS Services in Scope by Compliance Program

— Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 

This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.


Click here for full list of services covered under the AWS compliance programs.

Services going through DoD CC SRG assessment and authorization will have the following status:

  • Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment
  • Defense Information Systems Agency (DISA) Review: This service is currently undergoing a DISA review

* Services not within the scope of DISA review. As such, DISA has issued neither an approval nor disapproval decision regarding this product under the DoD CC SRG. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent Mission Owner approval.
** Denotes the service is Impact Level 6 authorized, but not Generally Available (GA) in the region.

DoD CC SRG Last updated: July 18, 2024
SERVICES / PROGRAMS SDKs DoD CC SRG IL2 (East/West) DoD CC SRG IL2 (GovCloud) DoD CC SRG IL4 (GovCloud) DoD CC SRG IL5 (GovCloud) DoD CC SRG IL6 (AWS Secret Region)
Amazon AppFlow
Amazon API Gateway apigateway  
Amazon AppStream 2.0 appstream  
Amazon Athena** athena
Amazon Aurora MySQL  
Amazon Aurora PostgreSQL  
Amazon Bedrock   3PAO Assessment      
Amazon Chime chime        
Amazon Chime SDK chime
Amazon Cloud Directory clouddirectory   
Amazon CloudFront [excludes content delivery through Amazon CloudFront Embedded Point of Presences] cloudfront        
Amazon CloudWatch cloudwatch
Amazon CloudWatch Logs logs
Amazon Cognito cognito-idp, cognito-identity, cognito-sync  
Amazon Comprehend comprehend  
Amazon Comprehend Medical comprehendmedical  
Amazon Connect connect  
Amazon Data Firehose firehose
Amazon Detective detective  
Amazon DevOps Guru          
Amazon DocumentDB (with MongoDB compatibility)   DISA Review DISA Review  
Amazon DynamoDB dynamodb
Amazon EC2 Image Builder imagebuilder
Amazon Elastic Block Store (EBS) ebs
Amazon Elastic Compute Cloud (EC2) ec2
Amazon Elastic Container Registry (ECR) ecr
Amazon Elastic Container Service (ECS) ecs
Amazon Elastic File System (EFS) efs
Amazon Elastic Kubernetes Service (EKS) eks
Amazon ElastiCache elasticache
Amazon Elastic MapReduce (EMR) elasticmapreduce
Amazon EventBridge events
Amazon FinSpace finspace        
Amazon Forecast amazonforecast        
Amazon FSx    
Amazon GuardDuty guardduty  
Amazon Inspector inspector2  
Amazon Inspector Classic inspector  
Amazon Kendra kendra  
Amazon Keyspaces (for Apache Cassandra) keyspaces  
Amazon Kinesis Data Streams kinesis
Amazon Lex runtime.lex, models.lex  
Amazon Macie macie2        
Amazon Managed Service for Apache Flink [formerly Amazon Kinesis Data Analytics]    
Amazon Managed Streaming for Apache Kafka (Amazon MSK) kafka  
Amazon MemoryDB          
Amazon MQ mq  
Amazon Neptune neptune-db  
Amazon OpenSearch Service elasticsearchservice
Amazon Pinpoint mobiletargeting  
Amazon Polly polly  
Amazon Quantum Ledger Database (QLDB) qldb        
Amazon QuickSight quicksight  
Amazon RDS (MariaDB)  
Amazon RDS (MySQL)  
Amazon RDS (Oracle)  
Amazon RDS (Postgres)  
Amazon RDS (SQL Server)  
Amazon Redshift redshift
Amazon Rekognition rekognition  
Amazon Route 53 route53
Amazon S3 Glacier glacier
Amazon SageMaker [excludes Amazon SageMaker Studio Lab] sagemaker
Amazon Simple Email Service (SES) ses  
Amazon Simple Notification Service (SNS) sns
Amazon Simple Queue Service (SQS) sqs
Amazon Simple Storage Service (S3) s3
Amazon Simple Workflow Service (SWF) swf
Amazon Textract textract  
Amazon Timestream for LiveAnalytics timestream  
Amazon Transcribe transcribe  
Amazon Translate translate  
Amazon Virtual Private Cloud (VPC) ec2
Amazon WorkDocs workdocs        
Amazon WorkSpaces workspaces
Amazon WorkSpaces Secure Browser          
AWS Application Auto Scaling application-autoscaling  
AWS Application Migration Service (MGN)   DISA Review DISA Review  
AWS App Mesh appmesh        
AWS Artifact*    
AWS Audit Manager auditmanager        
AWS Backup backup  
AWS Batch batch  
AWS Billing Conductor* billingconductor  
AWS Budgets* budgets  
AWS Certificate Manager (ACM) acm  
AWS Chatbot          
AWS Cloud9 cloud9        
AWS Cloud Map servicediscovery  
AWS CloudFormation cloudformation
AWS CloudHSM cloudhsm  
AWS CloudShell    
AWS CloudTrail cloudtrail
AWS CodeBuild codebuild  
AWS CodeCommit codecommit  
AWS CodeDeploy codedeploy
AWS CodePipeline codepipeline  
AWS Compute Optimizer      
AWS Config config
AWS Control Tower controltower  
AWS Cost and Usage Reports*    
AWS Cost Explorer* ce  
AWS Database Migration Service (DMS) dms
AWS Data Pipeline datapipeline        
AWS DataSync datasync
AWS Diode      
AWS Direct Connect directconnect
AWS Directory Service ds
AWS Edge Hub*    
AWS Elastic Beanstalk elasticbeanstalk  
AWS Elastic Disaster Recovery (AWS DRS)          
AWS Elemental MediaConvert mediaconvert  
AWS Elemental MediaLive          
AWS Fault Injection Service    
AWS Firewall Manager fms  
AWS Glue glue  
AWS Glue DataBrew databrew  
AWS Ground Station groundstation        
AWS Health Dashboard health
AWS HealthLake          
AWS HealthOmics          
AWS Identity and Access Management (IAM) iam
AWS IAM Identity Center      
AWS IoT Core iot  
AWS IoT Device Defender    
AWS IoT Device Management iot  
AWS IoT Events    
AWS IoT Greengrass greengrass  
AWS IoT SiteWise      
AWS IoT TwinMaker      
AWS Key Management Service (KMS) kms
AWS Lambda lambda
AWS License Manager license-manager
AWS Mainframe Modernization          
AWS Managed Services (AMS)    
AWS Management Console*    
AWS Marketplace*  
AWS Network Firewall network-firewall  
AWS Network Manager networkmanager DISA Review DISA Review  
AWS Outposts (Software)** outposts
AWS Organizations organizations  
AWS Private Certificate Authority    
AWS Resource Access Manager (AWS RAM) ram
AWS Resource Groups resource-groups  
AWS Secrets Manager secretsmanager
AWS Security Hub securityhub  
AWS Server Migration Service (SMS) sms  
AWS Serverless Application Repository serverlessrepo  
AWS Service Catalog servicecatalog  
AWS Service Quotas* servicequotas  
AWS Shield (Standard and Advanced) shield, DDoSProtection        
AWS Signer          
AWS Snowball snowball
AWS Snowball Edge  
AWS Snowmobile  
AWS Step Functions states
AWS Storage Gateway storagegateway  
AWS Systems Manager ssm
AWS Transfer Family transfer  
AWS Trusted Advisor  
AWS Web Application Firewall (WAF) wafv2  
AWS Web Application Firewall Classic (WAF Classic) waf-regional  
AWS Well-Architected Tool wellarchitected  
AWS Wickr wickr  
AWS X-Ray xray  

*Services not within the scope of JAB review. As such, the JAB team has issued neither an approval nor disapproval decision regarding this product under FedRAMP. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent agency approval.  

Want More Information About Services in Scope?