On May 20, Amazon Web Services (AWS) revealed it had obtained approval from the Federal Risk and Authorization Management Program (FedRAMP) to use its cloud computing platform for government business under the terms of a three year certification agreement. Although the assessment of Amazon Web Services as compliant with government-level security standards was sponsored by the Department of Health and Human Services, other government agencies can now leverage the Seattle-based cloud platform subsequent to its recent approval by FedRAMP.
Teresa Carlson, AWS Vice President of Worldwide Public Sector, remarked on the significance of achieving FedRAMP compliance as follows:
More than 300 U.S. government agencies already use the wide array of AWS services to be more innovative, agile, and cost-efficient. Today most government computing systems require built-to-order platforms and applications to meet government security and compliance requirements, which involve time-consuming and costly evaluations. With this FedRAMP compliance, agencies can now utilize a streamlined process from AWS when moving applications to the cloud to meet their unique business and mission requirements.
All government agencies now have the information required to assess the suitability of Amazon Web Services for hosting the specificities of their own classified or protected data sets, as well the authorization protocols required in order to initiate transfers of workloads to AWS for testing and production purposes. The authorization applies to AWS GovCloud and all Amazon Web Services regions. With this authority to operate (ATO) enabled by HHS, Amazon Web Services hopes to dramatically expand its usage amongst government agencies both in terms of the number of agencies and the use cases for which its platform is currently deployed. HHS, for example, currently uses the AWS platform to host over 200 terabytes of data for DNA sequencing from the 1000 Genomes Project for disease research. Amazon Web Services is only the third cloud provider to achieve compliance with FedRAMP alongside CGI Federal and Autonomic Resources.