Cloud.gov on AWS GovCloud (US) Now FedRAMP Authorized
Cloud.gov, which runs on AWS GovCloud (US) and is built and maintained by GSA’s 18F, an office that helps other government agencies build, buy, and share technology products, recently received a Provisional Authority to Operate (P-ATO) at the moderate impact level from the FedRAMP Joint Authorization Board (JAB). It is now the first fully open source FedRAMP solution.
Cloud.gov’s mission is to provide a platform as a service for government teams, making it faster, simpler, and more secure. The 18F blog post states that, “cloud.gov is for teams that build and deliver websites (and other web-based applications) as part of their work — for example, an agency homepage, an open data API, or an internal information management tool. The agency’s development team sets up the application on cloud.gov, and cloud.gov handles the security, compliance, and maintenance of the underlying platform.”
With cloud.gov, government agencies can:
- Quickly deploy applications that comply with federal policies — without needing to manage infrastructure.
- Run scalable cloud-native applications. Since cloud.gov provides services on top of AWS, agencies can take advantage of AWS services, such as Amazon Simple Storage Service (Amazon S3), Amazon Relational Database Service (Amazon RDS), and Amazon Elastic Compute Cloud (Amazon EC2).
- Try experiments: build and test prototypes without adding extra expense.
- Shorten the path to ATO (Authority to Operate) for each new or updated application. After an agency issues cloud.gov an ATO, only applications need to be evaluated for security and compliance.
With the recent FedRAMP announcement, now when agencies build a system on cloud.gov, their system or application inherits the FedRAMP compliance of the platform, which substantially reduces the amount of compliance work they need to do and accelerates the path to authorization. It handles many of the FedRAMP technical and compliance requirements of the underlying cloud platform, and allows agencies to focus on their web applications and code instead. Using AWS removes the necessity of the customer managing this infrastructure. Cloud.gov is an optimal solution for small to medium-sized agencies seeking a lower barrier to entry for cloud adoption, as well as larger agencies that require streamlined, rapid capability deployment for mission and enterprise applications.
Cloud.gov runs in the AWS GovCloud (US) region, which has a FedRAMP JAB P-ATO at the High impact level. AWS GovCloud (US) also offers support for other compliance needs, such as ITAR compliance, DOD SRG and CJIS. Learn more about AWS GovCloud (US) here.