ATO on AWS consists of varying resources that help expedite the authorization process. APN Partners in this program have access to both technical Security Automation and Orchestration (SAO) capabilities as well as direct engament with highly qualified AWS compliance specialists.
The ATO on AWS program reduces the time and cost associated with achieving compliance certifications and authorizations while enabling a capability to continuously develop, integrate, and monitor a solution throughout its lifecycle. The program is a partner-driven process which includes training, tools, pre-built CloudFormation templates, control implementation details, and pre-built policy/procedure artifacts.
Benefits of ATO on AWS
Best practices for meeting compliance requirements for solutions on AWS, and maintaining a compliant environment effectively and efficiently over time.
Guidance, templates, and tools
Reusable artifacts, tools, and pre-built templates that ISVs can use to build and optimize DevOps, SecOps, Continuous Integration/Continuous Delivery (CI/CD), and Continuous Risk Treatment (CRT) using proven techniques from AWS Security Automation and Orchestration (SAO). Additionally, we have partnered with multiple solution providers who provide products and tools that help simplify and accelerate compliance authorization and management.
Qualified AWS compliance specialists will provide mentorship, oversight, and support through the process, from planning to authorization. We also have expert consulting partners trained in SAO who can be contracted to manage and support the process and resources.
Joint partner programs
We will be supporting our leading AWS partners in the development and delivery of programs that add value to “ATO on AWS” by providing more options to unique capabilities to ISVs.
Once ISVs achieve their ATO, we will jointly develop and execute a marketing plan to raise awareness and educate customers about the solution. Solutions will be published and marketed on the “ATO on AWS” landing page, and have the option of publication of a written or video case study/testimonial.
Qualified for Compliant Workloads
AWS supports Managed Service Providers (MSPs) to build and support environments that meet specific compliance standards. These MSPs will be good options for ISVs who prefer to minimize and simplify their area of responsibility by offloading hosting and compliance management.
Achieving FedRAMP Compliance
Customers and Solution Providers interested in pursuing FedRAMP or in the process of achieving ATO on AWS should fill out this form.
Achieving other Compliance Authorizations
Customers and Solution Providers interested in achieving any other compliance authorizations should contact ATOonAWS@amazon.com for more information.
Find an ATO on AWS Partner
Interested in working with an APN Partner who has a proven track record of achieving key public sector security and compliance certifications and authorizations? Check out our APN Partners below:
These APN Consulting Partners are vetted security partners providing consulting, deployment and integration services; as well as a staff of AWS partner security strategists that can provide high-level advisory services to end customers and partners alike.
CloudHesive and our team has experience in working with private sector providers in designing, documenting, building and managing their platforms’ operating environments, including the selection and implementation of appropriate marketplace solutions and the creation of supporting documentation (package/materials) for ATO submittals.
CloudHesive’s experience with native AWS services, the AWS ecosystem-at-large and the ATO process allow us to design, document (package/materials), build and manage the environments in support of your mission or your customer’s mission, including both shrink-wrap and custom developed software.
Coalfire offers automation, engineering, and advisory services to enable FedRAMP ATO on AWS in dramatically less time and at reduced cost.
Coalfire, a leading FedRAMP advisor and third-party assessment organization (3PAO), has consulted and prepared over 89 clients for FedRAMP audits. Coalfire’s automation deployment techniques enable FedRAMP ATO on AWS in drastically less time and at reduced cost when compared to traditional methods.
With extensive FISMA-compliant projects across the Government, JHC Technology can take you from roadmap and planning through FISMA compliant rollout and to support of the requisite documentation. ATO on AWS delivered by JHC Technology, an APN Premier Partner, provides the efficiency, reliability, and expertise necessary to meet rigorous A&A standards.
JHC Technology delivers FISMA-compliant solutions across Government agencies, including Civilian and Defense. We take a phased approach to securely move an agency through the A&A process. Our AWS certified architects map requirements identified in discovery to FISMA controls, provision the ATO on AWS architecture, and prepare SSP documents for assessment.
Kratos is among the most experienced and trusted third-party assessment organization (3PAO) performing assessments, advisory services, and continuous monitoring for clients targeting FedRAMP ATOs. As cloud security experts, we’ve built streamlined and automated processes to accelerate our clients through the FedRAMP authorization process and help maintain their ATO.
Kratos Cybersecurity Services group has been involved with the FedRAMP program since its launch. Over our years of involvement we have focused on reducing our client’s time and level of effort for acquiring and maintaining their FedRAMP ATO. With audit automation software and deep knowledge of the AWS IaaS/PaaS solutions, we are able to provide reduced timelines and improved accuracy in audit reporting.
Quzara experts understand AWS Security – our Vendor-Agnostic team drives Automation, Compliance and Security Architecture solutions for Federal and Commercial customers.
Quzara provides strategic consulting for Federal (FedRAMP) and Commercial customers. Our AWS Certified team delivers Cyber Engineering, Compliance Documentation and Managed Security services. Our Managed services platform, Cybertorch, provides advanced Application Security Monitoring, Detection and Response capabilities for the layer which is closest to the data – your applications.
Featuring significant experience assessing AWS environments, Schellman provides customers with the ability to consolidate their SOC, PCI, ISO 27001, FedRAMP, HITRUST, penetration testing, and privacy assessments under a single assessor, utilizing a coordinated team approach and an advanced purpose-built audit collaboration platform in order to decrease internal costs for clients.
As a top 100 CPA firm, Schellman’s nearly 2,000 annual assessments and 800+ clients span industries from fintech to healthcare, and over 50% of our clients utilize more than one service. Among those, Schellman has assessed some of the most complex AWS-hosted federal and DoD deployments by FedRAMP CSPs.
Achieve FedRAMP, HIPAA, DFARS, DoD Impact Level 4/5, or PCI compliance with our accredited managed services offering. Our managed services and managed security services support workloads in all US AWS regions and AWS GovCloud regions.
The Cloud Assured Managed Services platform was designed to support 24x7x365 management of critical infrastructure requiring the most rigid compliance frameworks. Core services include Patch, Backup, Antivirus, Monitoring, Boundary protection, and Billing advisory services. Advanced security services include Incident Response, Log Aggregation and Analysis, Advanced Threat Detection, and Intrusion Detection and Prevention Services.
stackArmor’s ThreatAlert Cloud GSS helps organizations reduce the time and cost of achieving an ATO by 40 to 50%. Our unique “in-boundary” Cloud GSS provides over 150 controls along with security control definitions and a battle-tested team of experts with over 10 years of experience with FISMA, FedRAMP and AWS-based ATO’s.
We provide FedRAMP, FISMA, MARS-E 2.0 and DFARS compliance for DOD, Federal Agencies, Government Contractors, ISV’s & SaaS providers and Educational Institutions. The ThreatAlert Cloud GSS deployed within the customers’ AWS account cuts down the time and cost associated with an ATO. Our agile “pay by sprint” implementation methodology provides financial freedom from expensive consulting contracts.
ATO on AWS Technology Partners have automated software deployment solutions and pre-configured AWS environments (e.g. SaaS Solutions, AMIs, Cloudformation templates) that meet or exceed compliance requirements necessary to work with public sector customers.
Allgress ComplianceVision is the only available software solution that integrates with SAO services and Amazon Partner Network API’s to document, validate, verify, monitor, and maintain regulated AWS customer environments.
Organizations moving regulated workloads into (AWS) are faced with the time-consuming tasks of documenting, validating, verifying and maintaining compliant regulated environments. Allgress ComplianceVision (CV) accelerates all these tasks by offering a software solution that utilizes the AWS (SAO) methodology, integrates (SAO) services with (APN) Partner API’s, and provides content and guidance.
Anitian Compliance Automation harnesses the power and scale of AWS to deliver compliance at ludicrous speed. Compliance Automation automatically builds a security infrastructure, pre-configured to meet requirements for FedRAMP, PCI, ISO/GDPR, CJIS, and more. Backed with 24/7 monitoring and compliance guardrails, Compliance Automation is the fastest, proven path to certification.
Anitian Compliance Automation uses the latest automation technologies to build and configure a comprehensive security infrastructure, including endpoint security, IDS/IPS, SIEM, WAF, identity repository, configuration management, vulnerability management, container security, and more. The platform also includes a library of automation code and policy templates to accelerate DevOps teams through compliance.
Barracuda WAF for AWS protects your web, mobile and API applications from being compromised, and prevents data breaches— ensuring you maintain your reputation and your customer's confidence. Barracuda CloudGen WAF for AWS has achieved the AWS Security Competency.
The Barracuda CloudGen WAF for AWS protects applications, APIs, and mobile app backends against a variety of attacks including OWASP Top 10, zero-day threats, data leakage, and application-layer denial of service (DoS) attacks, and combines both positive signature-based policies with robust anomaly detection capabilities to defeat today’s most sophisticated attacks.
Barracuda's Cloud Generation Firewall for AWS redefines the role of the Firewall to a distributed network optimization solution that scales across any number of locations and applications, connects on-premises and cloud infrastructures, and helps organizations transform their business. Barracuda CloudGen Firewall AWS has achieved the AWS Security Competency.
Barracuda CloudGen Firewall for AWS delivers advanced security by tightly integrating a comprehensive set of next-generation firewall technologies, including Layer 7 application profiling, intrusion prevention, web filtering, malware and advanced threat protection, antispam protection, and network access control.
Build Fast. Stay Secure. Barracuda Cloud Security Guardian watches over security and compliance in your AWS cloud infrastructure, so your builders can focus on what they do best – building your business applications. Cloud Security Guardian is CIS Benchmarks certified.
Barracuda Cloud Security Guardian is an agentless SaaS service that helps organizations stay secure while building applications in and moving workloads to the public Cloud. It provides end to end visibility of your security posture in your public cloud deployment by ensuring continuous compliance and automated remediation of security controls.
CIS Hardened Images are virtual machine images that are securely configured based on the recommendations of the CIS Benchmarks. Start secure and reduce configuration time by using AMIs that are based on configuration guidelines proven to safeguard systems against cyber threats.
CIS Hardened Images are preconfigured to CIS Benchmarks, system configuration guidelines that are developed through community consensus. CIS Benchmarks are recognized by the DoD Cloud Computing SRG, PCI DSS, and other compliance frameworks. CIS Hardened Images are available on all AWS region data centers including the AWS GovCloud (US) region and AWS for the IC.
CloudCheckr unifies IT, security and finance teams and provides total visibility, deep insight, cloud automation and governance. CloudCheckr is a comprehensive cloud management solution, helping manage and automate cost and security for public cloud environments.
CloudCheckr helps public sector organizations increase efficiencies, strengthen security and optimize costs. With its certified AWS Government Competency for expertise in highly secure cloud environments, we offer continuous security monitoring, policy enforcement and usage visibility to meet all related compliance requirements, including HIPAA, FedRAMP, DFARS and more.
Effortless compliance assessment and documentation management in a simple, team-friendly interface.
ComplyUp’s Compass helps you bridge the documentation gap between your ATO on AWS deployment and your compliance documentation requirements. The Compass interface drives your team forward through each requirement, auto-generates all documentation, and allows you to share your ATO on AWS assessment with external service providers or auditors.
Duo's cloud-based trusted access solution is a user-centric zero-trust security platform to protect access to sensitive data at scale for all users, all devices and all applications.
Duo's Trusted Access solution is Secure access to your applications and data, no matter where your users are - on any device - from anywhere. Duo’s trusted access solution creates trust in users, devices and the applications they access. Reduce the risk of a data breach and ensure trusted access to sensitive data.
With flexible security, compliance, and deployment controls for organizations, your team can use GitHub Enterprise wherever you need it to be.
At GitHub, we deploy dozens of times per day using our own product. Like us, our customers use GitHub Enterprise across the entire development process. This platform for continuous integration and deployment allows you to build and ship better software, faster.
HashiCorp is the leader in multi-cloud/hybrid infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. Enterprise versions of Terraform, Vault, Nomad and Consul enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality.
HashiCorp Terraform is the world’s most widely used cloud provisioning product and can be used to provision infrastructure for any application using an array of providers for any target platform. HashiCorp Vault enables teams to securely store and tightly control access to tokens, passwords, certificates, and encryption keys for protecting machines and applications. This provides a comprehensive secrets management solution. Beyond that, Vault helps protect data at rest and data in transit.
McAfee vNSP is a next-generation IPS solution architected for AWS and provides an intelligent security solution that discovers and blocks sophisticated threats in the network with unmatched speed, accuracy, and simplicity. Enabled for the most critical AWS Regions, vNSP solution delivers best-in-class enterprise security against sophisticated attacks and enhanced protection for critical workloads.
Accelerate your ATO by adding McAfee Virtual Network Security Platform (McAfee vNSP) to help identify malicious/anomalous network activity and threats that may otherwise be less detectable with traditional tools. Using this intelligent threat protection platform can accelerate cloud adoption and compliance initiatives such as FedRamp and PCI DSS, and others.
Red Hat OpenShift integrates with Amazon Web Services to provide rapid, reliable, and secure development and deployment of applications and other container-based solutions.
Combining Red Hat OpenShift Container Platform and the AWS Cloud platform gives you a flexible, high-performance application environment that supports modern, digital operations. Built on open source innovation and industry standards, Red Hat OpenShift Container Platform is a comprehensive platform for building and running container-based applications with enterprise-grade Kubernetes. Develop, deploy, and manage traditional and container-based applications seamlessly across physical and AWS Cloud environments—without needing to recode or refactor applications. Speed iteration cycles and innovation with self-service capabilities and automation.
Red Hat® Ansible® Automation is automation software with hundreds of modules that can automate nearly 100 Amazon Web Services offerings and processes.
Using Ansible to automate your applications in AWS greatly increases the chances that your cloud initiative will be a success. The breadth of AWS capability enables IT organizations to dynamically provision entire workloads like never before. To harness this power, IT organizations must securely control cloud deployments and reliably migrate existing apps to AWS and Ansible is key automation to doing this reliably. When you deploy an application into AWS, you will soon realize that the cloud is much more than a collection of servers in someone else's data center. You now have a fleet of services available to you to rapidly deploy and scale applications. However, if you continue to manage AWS like just a group of servers, you won’t see the full benefit of your migration to the cloud. Ansible automation can help you manage your AWS environment like a fleet of services instead of a collection of servers.
SAINT Security Suite interoperates within your AWS environment to provide comprehensive vulnerability scanning, penetration testing, social engineering, configuration assessment and compliance reporting of AWS workloads in a fully- integrated solution.
SAINT Security Suite deploys on AWS EC2 instances to perform vulnerability management and compliance reporting of AWS workloads. SAINT cloud formation templates in the ATO for AWS Github repository facilitate ease of deployment and interoperability across ATO for AWS partner solutions to accelerate the process of FedRAMP and PCI compliance.
Cloud security and compliance automation solutions to accelerate secure cloud deployments.
Xacta speeds cloud compliance with controls inheritance and automation. Stand up cloud-based workloads faster by expediting required approvals; automating risk assessment, remediation, and compliance reporting; leveraging easy-to-use capabilities for accessing, managing, and visualizing compliance data; viewing at-a-glance status of risk and vulnerabilities; and generating enterprise information assurance documentation.
Yubico, the inventor of the YubiKey, sets global standards for affordable, easy to use two-factor authentication that can be used everywhere for secure access to computers, networks, and online services.
The YubiKey is a hardware authenticator used for two-factor and smart card authentication. With a simple touch, the YubiKey protects access to computers, networks, and online services. Available with a choice of USB-A and USB-C connectors and NFC, AWS IAM and root users can use their YubiKey as a multi-factor authentication (MFA) device to add an extra layer of protection on top of their username and password.
ZPA-Government enables digital government with Zero Trust Networking. By replacing legacy VPN technology and providing encrypted connections to applications, this solution eliminates the risks introduced by unmanaged devices while reducing the threat of lateral access.
ZPA-Government is an AWS GovCloud-based service that provides authorized users with secure Zero Trust access to applications hosted on AWS and other destination clouds using a software-defined perimeter, without placing users on the network. Inside-out connectivity ensures applications are “dark” to unauthorized users, eliminating the risks of lateral access, DDoS attacks, and other threats. ZPA-Government replaces VPN technology.
Zscaler's FedRAMP authorized secure internet and web gateway solution, ZIA-Government, securely connects users over the internet to externally managed applications regardless of device, employee location, or network.
ZIA-Government delivers the security stack as a service from the cloud. The solution securely connects users to externally managed applications, including SaaS applications and internet destinations, regardless of device, location, or network. ZIA-Government is FedRAMP certified and meets TIC 3.0 guidelines. Agencies can route mission-critical traffic without hair pinning through the MTIPS or legacy TIC perimeter.