AWS Services in Scope by Compliance Program

— Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative?

This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

✓ = This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

Click here for full list of services covered under the AWS compliance programs.

Services going through DoD CC SRG assessment and authorization will have the following status:

Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment by our third-party assessor
Joint Authorization Board (JAB) Review: This service is currently undergoing a JAB review
Defense Information Systems Agency (DISA) Review: This service is currently undergoing a DISA review

* Services not within the scope of DISA review. As such, DISA has issued neither an approval nor disapproval decision regarding this product under the DoD CC SRG. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent Mission Owner approval.
** Denotes the service is Impact Level 6 authorized, but not Generally Available (GA) in the region.

DoD CC SRG

SERVICES / PROGRAMS	SDKs	DoD CC SRG IL2 (East/West)	DoD CC SRG IL2 (GovCloud)	DoD CC SRG IL4 (GovCloud)	DoD CC SRG IL5 (GovCloud)	DoD CC SRG IL6 (AWS Secret Region )
Amazon API Gateway	apigateway	✓	✓	✓	✓	✓
Amazon AppStream 2.0	appstream	✓	✓	✓	✓
Amazon Athena**	athena	✓	✓	✓	✓	✓
Amazon Aurora MySQL		✓	✓	✓	✓	✓
Amazon Aurora PostgreSQL		✓	✓	✓	✓	✓
Amazon Bedrock		3PAO Assessment
Amazon Chime	chime	✓
Amazon Chime SDK	chime identity-chime media-pipelines-chime messaging-chime meetings-chime voice-chime	3PAO Assessment	✓	✓	✓
Amazon Cloud Directory	clouddirectory	✓	✓	✓	✓
Amazon CloudFront [excludes content delivery through Amazon CloudFront Embedded Point of Presences]	cloudfront	✓
Amazon CloudWatch	cloudwatch	✓	✓	✓	✓	✓
Amazon CloudWatch Logs	logs	✓	✓	✓	✓	✓
Amazon Cognito	cognito-idp, cognito-identity, cognito-sync	✓	✓	✓	✓
Amazon Comprehend	comprehend	✓	✓	✓	✓
Amazon Comprehend Medical	comprehendmedical	✓	✓	✓	✓
Amazon Connect [excludes Wisdom, VoiceID, Outbound Campaigns, and GetMetricDataV2 API]	connect	✓	✓	✓	✓
Amazon Detective	detective	✓	✓	✓	✓
Amazon DevOps Guru		✓
Amazon DynamoDB	dynamodb	✓	✓	✓	✓	✓
Amazon EC2 Auto Scaling [feature of EC2]	autoscaling	✓	✓	✓	✓	✓
Amazon EC2 Image Builder	imagebuilder	✓	✓	✓	✓	✓
Amazon Elastic Block Store (EBS)	ebs	✓	✓	✓	✓	✓
Amazon Elastic Compute Cloud (EC2)	ecs	✓	✓	✓	✓	✓
Amazon Elastic Container Registry (ECR)	ecr	✓	✓	✓	✓	✓
Amazon Elastic Container Service (ECS)	ecs	✓	✓	✓	✓	✓
Amazon Elastic File System (EFS)	efs	✓	✓	✓	✓	✓
Amazon Elastic Kubernetes Service (EKS)	eks	✓	✓	✓	✓	✓
Amazon ElastiCache	elasticache	✓	✓	✓	✓	✓
Amazon EMR	elasticmapreduce	✓	✓	✓	✓	✓
Amazon EventBridge	events	✓	✓	✓	✓	✓
Amazon FinSpace	finspace	✓
Amazon Forecast	amazonforecast	✓
Amazon FSx		✓	✓	✓	✓
Amazon GuardDuty [excludes Amazon GuardDuty EKS Runtime Monitoring]	guardduty	✓	✓	✓	✓
Amazon HealthLake		3PAO Assessment
Amazon Inspector	inspector2	✓	✓
Amazon Inspector Classic	inspector	✓	✓	✓	✓
Amazon Kendra	kendra	✓	✓	✓	✓
Amazon Keyspaces (for Apache Cassandra)	keyspaces	✓	✓	✓	✓
Amazon Kinesis Data Analytics	kinesisanalytics	✓	✓	✓	✓
Amazon Kinesis Data Firehose	firehose	✓	✓	✓	✓
Amazon Kinesis Data Streams	kinesis	✓	✓	✓	✓	✓
Amazon Lex	runtime.lex, models.lex	✓	✓	✓	✓
Amazon Macie	macie2	✓
Amazon Macie Classic	macie	✓
Amazon Managed Streaming for Apache Kafka (Amazon MSK)	kafka	✓	✓	✓	✓
Amazon MemoryDB for Redis		✓
Amazon MQ	mq	✓	✓	✓	✓
Amazon Neptune	neptune-db	✓	✓	✓	✓
Amazon Omics		✓
Amazon OpenSearch Service	elasticsearchservice	✓	✓	✓	✓	✓
Amazon Pinpoint	mobiletargeting	✓	✓	✓	✓
Amazon Polly	polly	✓	✓	✓	✓
Amazon Quantum Ledger Database (QLDB)	qldb	✓
Amazon QuickSight	quicksight	✓	✓	✓	✓
Amazon RDS (MariaDB)		✓	✓	✓	✓	✓
Amazon RDS (MySQL)		✓	✓	✓	✓	✓
Amazon RDS (Oracle)		✓	✓	✓	✓	✓
Amazon RDS (Postgres)		✓	✓	✓	✓	✓
Amazon RDS (SQL Server)		✓	✓	✓	✓	✓
Amazon Redshift	redshift	✓	✓	✓	✓	✓
Amazon Rekognition	rekognition	✓	✓	✓	✓
Amazon Route 53	route53	✓	✓	✓	✓	✓
Amazon S3 Glacier	glacier	✓	✓	✓	✓	✓
Amazon SageMaker [excludes Amazon SageMaker Studio Lab]	sagemaker	✓	✓	✓	✓	✓
Amazon Simple Email Service (SES)	ses	✓	✓	✓	✓
Amazon Simple Notification Service (SNS)	sns	✓	✓	✓	✓	✓
Amazon Simple Queue Service (SQS)	sqs	✓	✓	✓	✓	✓
Amazon Simple Storage Service (S3)	s3	✓	✓	✓	✓	✓
Amazon Simple Workflow Service (SWF)	swf	✓	✓	✓	✓	✓
Amazon Textract	textract	✓	✓	✓	✓
Amazon Timestream	timestream	✓	3PAO Assessment
Amazon Transcribe	transcribe	✓	✓	✓	✓
Amazon Translate	translate	✓	✓	✓	✓
Amazon Virtual Private Cloud (VPC)	ec2	✓	✓	✓	✓	✓
Amazon WorkDocs	workdocs	✓
Amazon WorkSpaces	workspaces	✓	✓	✓	✓	✓
Amazon WorkSpaces Web		JAB Review
AWS Application Auto Scaling	application-autoscaling		✓	✓	✓	✓
AWS Application Migration Service (MGN)		✓
AWS App Mesh	appmesh	✓
AWS Artifact*		✓	✓	✓	✓
AWS Audit Manager	auditmanager	✓
AWS Auto Scaling	autoscaling			✓
AWS Backup	backup	✓	✓	✓	✓
AWS Batch	batch	✓	✓	✓	✓
AWS Billing Conductor*	billingconductor	✓	✓	✓	✓
AWS Budgets*	budgets	✓	✓	✓	✓
AWS Certificate Manager (ACM)	acm	✓	✓	✓	✓
AWS Chatbot		✓
AWS Cloud9	cloud9	✓
AWS Cloud Map	servicediscovery	✓	✓	✓	✓
AWS CloudFormation	cloudformation	✓	✓	✓	✓	✓
AWS CloudHSM	cloudhsm	✓	✓	✓	✓
AWS CloudShell		✓	✓	✓	✓
AWS CloudTrail	cloudtrail	✓	✓	✓	✓	✓
AWS CodeBuild	codebuild	✓	✓	✓	✓
AWS CodeCommit	codecommit	✓	✓	✓	✓
AWS CodeDeploy	codedeploy	✓	✓	✓	✓	✓
AWS CodePipeline	codepipeline	✓	✓	✓	✓
AWS Compute Optimizer			JAB Review
AWS Config	config	✓	✓	✓	✓	✓
AWS Control Tower	controltower	✓	✓	DISA Review	DISA Review
AWS Cost and Usage Reports*		✓	✓	✓	✓
AWS Cost Explorer*	ce	✓	✓	✓	✓
AWS Database Migration Service (DMS)	dms	✓	✓	✓	✓	✓
AWS Data Pipeline	datapipeline					✓
AWS DataSync	datasync	✓	✓	✓	✓
AWS Diode				✓	✓	✓
AWS Direct Connect	directconnect	✓	✓	✓	✓	✓
AWS Directory Service	ds	✓	✓	✓	✓	✓
AWS Elastic Beanstalk	elasticbeanstalk	✓	✓	✓	✓
AWS Elastic Disaster Recovery (DRS)		✓
AWS Elemental MediaConvert	mediaconvert	✓	✓	✓	✓
AWS Fargate [feature of ECS]		✓	✓	✓	✓	✓
AWS Fargate [feature of EKS]		✓
AWS Fault Injection Simulator		✓	✓
AWS Firewall Manager	fms	✓	✓	✓	✓
AWS Global Accelerator		3PAO Assessment
AWS Glue	glue	✓	✓	✓	✓
AWS Glue DataBrew	databrew	✓	3PAO Assessment
AWS Ground Station	groundstation	✓
AWS Health Dashboard	health	✓	✓	✓	✓	✓
AWS Identity and Access Management (IAM)	iam	✓	✓	✓	✓	✓
AWS IAM Identity Center (Successor to AWS Single Sign-On)			✓	✓	✓
AWS IoT Core	iot	✓	✓	✓	✓
AWS IoT Device Defender		JAB Review	JAB Review
AWS IoT Device Management	iot	✓	✓	✓	✓
AWS IoT Events		✓	✓	DISA Review	DISA Review
AWS IoT Greengrass	greengrass	✓	✓	✓	✓
AWS IoT SiteWise			✓	✓	✓
AWS IoT TwinMaker			JAB Review
AWS Key Management Service (KMS)	kms	✓	✓	✓	✓	✓
AWS Lambda	lambda	✓	✓	✓	✓	✓
AWS Liberty						✓
AWS License Manager	license-manager	✓	✓	✓	✓	✓
AWS Mainframe Modernization		3PAO Assessment
AWS Managed Services (AMS)		✓	✓	✓	✓
AWS Management Console*		✓	✓	✓	✓
AWS Marketplace*		✓	✓	✓	✓
AWS Network Firewall	network-firewall	✓	✓	✓	✓
AWS Outposts (Software)**	outposts	✓	✓	✓	✓	✓
AWS Organizations	organizations	✓	✓	✓	✓
AWS Opsworks (Chef Automate and Puppet Enterprise)		✓
AWS Private Certificate Authority			✓	✓	✓
AWS PrivateLink [feature of VPC]		✓	✓	✓	✓	✓
AWS Resource Access Manager (AWS RAM)	ram	✓	✓	✓	✓	✓
AWS Resource Groups	resource-groups	✓	✓	✓	✓
AWS Secrets Manager	secretsmanager	✓	✓	✓	✓	✓
AWS Security Hub	securityhub	✓	✓	✓	✓
AWS Server Migration Service (SMS)	sms	✓	✓	✓	✓
AWS Serverless Application Repository	serverlessrepo	✓	✓	✓	✓
AWS Service Catalog	servicecatalog	✓	✓	✓	✓
AWS Service Quotas*	servicequotas	✓	✓	✓	✓
AWS Shield (Standard and Advanced)	shield, DDoSProtection	✓
AWS Signer		✓
AWS Snowball	snowball	✓	✓	✓	✓	✓
AWS Snowball Edge		✓	✓	✓	✓	✓
AWS Snowmobile		✓	✓	✓	✓	✓
AWS Step Functions	states	✓	✓	✓	✓	✓
AWS Storage Gateway	storagegateway	✓	✓	✓	✓
AWS Systems Manager	ssm	✓	✓	✓	✓	✓
AWS Transfer Family	transfer	✓	✓	✓	✓
AWS Transit Gateway [feature of VPC]		✓	✓	✓	✓	✓
AWS Trusted Advisor		✓	✓	✓	✓	✓
AWS Web Application Firewall (WAF)	wafv2	3PAO Assessment	✓	✓	✓
AWS Web Application Firewall Classic (WAF Classic)	waf-regional	✓	✓	✓	✓
AWS Well-Architected Tool	wellarchitected	✓	✓
AWS Wickr	wickr	✓	JAB Review
AWS X-Ray	xray	✓	✓	✓	✓
Elastic Load Balancing [feature of EC2]	elasticloadbalancing	✓	✓	✓	✓	✓
Network Load Balancer (NLB) [feature of Elastic Load Balancing]		✓	✓	✓	✓	✓
VM Import/Export [feature of EC2]		✓	✓	✓	✓	✓

^{*Services not within the scope of JAB review. As such, the JAB team has issued neither an approval nor disapproval decision regarding this product under FedRAMP. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent agency approval.}

AWS Services in Scope by Compliance Program

— Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)

Want More Information About Services in Scope?

Ending Support for Internet Explorer