Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information on how we use and manage cookies please take a look at our privacy and cookie policies. Some parts of the site may not work properly if you choose not to accept cookies.

sections

FedRAMP certifies AWS, Azure and Autonomic for secure US services

  • Print
  • Share
  • Comment
  • Save

All three of the pilot program vendors achieve high impact certification

The US government’s assessment service FedRAMP has certified Amazon’s AWS and Microsoft Azure, as well as the specialized government cloud provider Autonomic Resources, as secure enough to be used by Federal agencies. 

The three clouds were invited to a pilot stage of the FedRAMP (Federal Risk and Authorization Management Program), which assesses whether cloud services are secure enough for use in government agency work. FedRAMP certification is also expected to add cachet to cloud providers pitching for commercial business. 

us government america capitol president thinkstock photos andrea izzotti

Source: Thinkstock / Andrea Izzotti

Three clouds pass the test

The AWS GovCloud, along with the Microsoft Azure Government Cloud, and the ARC-P infrastructure-as-a-service (IaaS) cloud from Autonomic Resources have all been granted the P-ATO (Provisional Authorization to Operate), according to a FedRAMP press release.

All three were invited to take part in the pilot program for high impact certification under the FedRAMP requirements. The three can now all be included in cloud and hybrid cloud operations used by federal agencies for data in the Controlled Unclassified and Secret categories (Department of Defense agencies also need to assure that SRG guidelines are followed).

The “High” classification is applied to information which the National Institute of Standards and Technology (NIST) standard consider compromising would adversely impact organization’s operations, assets, or individuals. The standards are being developed as part of the Federal Information Security Management (FISMA) act, which, among other things, is developing “Standards for categorizing information and information systems by mission impact.”

Amazon’s US Government cloud, which was launched in 2011, is a separate cloud from the standard AWS cloud services and was designed to meet the needs of government agencies for their hybrid and public cloud services. The AWS US Government Cloud Region includes Amazon Elastic Cloud Compute (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), Amazon Identity and Access Management (IAM), and Amazon Elastic Block Store (EBS).,  According to Amazon, the service currently meets the requirements for US International Traffic in Arms Regulations (ITAR), Criminal Justice Information Services (CJIS) requirements, as well as Levels 2 and 4 for DoD systems, along with certification for FedRAMP low, medium, and high impact data.

Related images

  • Former White House deputy CIO gives a primer on information security fundamentals

Have your say

Please view our terms and conditions before submitting your comment.

required
required
required
required
  • Print
  • Share
  • Comment
  • Save

Webinars

More link