The following information was retrieved via Amazon Press Releases:
Most stringent FedRAMP authorization recognizes AWS GovCloud (US) as a secure environment to run highly sensitive government workloads
SEATTLE--(BUSINESS WIRE)--Jun. 23, 2016-- Amazon Web Services, Inc. (AWS), an Amazon.com company (NASDAQ: AMZN), today announced that the AWS GovCloud (US) Region has received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) under the Federal Risk and Authorization Management Program (FedRAMP) High baseline, a standardized set of security requirements for cloud services. AWS’s FedRAMP Highauthorization, which includes over 400 security controls, gives U.S. government agencies the ability to leverage the AWS Cloud for highly sensitive workloads, including Personal Identifiable Information (PII), sensitive patient records, financial data, law enforcement data, and other Controlled Unclassified Information (CUI).
"We are pleased to have achieved the FedRAMP High baseline, giving agencies a simplified path to moving their highly sensitive workloads to AWS so they can immediately begin taking advantage of the cloud’s agility and cost savings,” said Teresa Carlson, Vice President Worldwide Public Sector, AWS. “Over 2,300 government customers across the world are using the AWS Cloud to innovate in amazing ways – from analyzing data on social media to collect information on adverse drug effects, to making genomic data publicly accessible, to collecting images from Mars. By demonstrating the security of the AWS Cloud with the FedRAMP High baseline, agencies can confidently use our services for an even broader set of critical mission applications and innovations.”
FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, in an effort to save federal agencies time, costs, and resources. The new FedRAMP High baseline is mapped to National Institute of Standards and Technology (NIST) security controls, which classify data as “High” if a compromise would severely impact an organization’s operations, assets, or individuals.
“We’re excited to launch the FedRAMP High baseline, and to recognize AWS as having achieved the most rigorous FedRAMP level to date. The High baseline applies the same, ‘do once, use many times’ approach as the rest of the FedRAMP program in an effort to standardize cloud security controls, and reduce the burden of assessing cloud security for agencies. The FedRAMP High baseline will be important for civilian agencies, the Department of Defense(DoD), the Department of Veterans Affairs (VA), and other agencies to use the cloud for highly sensitive data,” said Matthew Goodrich, FedRAMP Director, GSA’s Office of Citizen Services and Innovative Technologies (OCSIT).
This authorization continues AWS’s leadership in attaining security and compliance certifications, and applies to the AWS GovCloud (US) Region, including Amazon Elastic Cloud Compute (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), Amazon Identity and Access Management (IAM), and Amazon Elastic Block Store (EBS). Launched in 2011, the AWS GovCloud (US) is an isolated region designed to host sensitive workloads in the cloud. In addition to FedRAMP, AWS GovCloud (US) adheres to U.S. International Traffic in Arms Regulations (ITAR), Criminal Justice Information Services (CJIS) requirements, as well as Levels 2 and 4 for DoD systems. To learn more about AWS and FedRAMP compliance, please visithttp://aws.amazon.com/compliance/fedramp/.
To learn more about how you can architect solutions in compliance with the FedRAMP High baseline, register for our webinar, “FedRAMP High & AWS GovCloud (US): Meet FISMA High Requirements in the Cloud” here:https://connect.awswebcasts.com/fedramp_high_compliance_awsgovcloud/event/event_info.html
About Amazon Web Services
For 10 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS offers over 70 fully featured services for compute, storage, databases, analytics, mobile, Internet of Things (IoT) and enterprise applications from 33 Availability Zones (AZs) across 12 geographic regions in the U.S., Australia, Brazil, China, Germany, Ireland, Japan, Korea, and Singapore. AWS services are trusted by more than a million active customers around the world -- including the fastest growing startups, largest enterprises, and leading government agencies -- to power their infrastructure, make them more agile, and lower costs. To learn more about AWS, visit http://aws.amazon.com.
Topics from this blog: insider threat