Two Amazon Web Services environments attain FedRAMP compliance
Last week, Amazon announced that it had received separate agency authorizations to operate (ATO) from the U.S. Department of Health and Human Services (HHS) for two of its Amazon Web Services cloud computing offerings, and that those cloud services are now compliant with security requirements in the government’s Federal Risk and Authorization Management Program (FedRAMP). The authorizations to operate are for the AWS GovCloud environment – a government community cloud offering infrastructure-as-a-service (IaaS) specifically to U.S. government customers – and for the AWS US East/West environment, a public cloud available to commercial and public sector customers that also delivers IaaS using entirely U.S.-based data centers and infrastructure.
The FedRAMP designation, coupled with the ATO actions by HHS, gives other federal agencies the option to streamline their own authorization decisions for use of the AWS environments. Generally speaking, other agencies will still need to evaluate the security control documentation provided by Amazon and grant their own agency ATOs before using the AWS environments to host systems, but the fact that Amazon has already implemented security controls required under FedRAMP and undergone an agency ATO process should greatly reduce the level of effort required for other agencies (or even operating divisions within HHS) to issue their own authorizations.