The US government’s assessment service FedRAMP has certified Amazon’s AWS and Microsoft Azure, as well as the specialized government cloud provider Autonomic Resources, as secure enough to be used by Federal agencies. 

The three clouds were invited to a pilot stage of the FedRAMP (Federal Risk and Authorization Management Program), which assesses whether cloud services are secure enough for use in government agency work. FedRAMP certification is also expected to add cachet to cloud providers pitching for commercial business. 

us government america capitol president thinkstock photos andrea izzotti
– Thinkstock / Andrea Izzotti

Three clouds pass the test

The AWS GovCloud, along with the Microsoft Azure Government Cloud, and the ARC-P infrastructure-as-a-service (IaaS) cloud from Autonomic Resources have all been granted the P-ATO (Provisional Authorization to Operate), according to a FedRAMP press release.

All three were invited to take part in the pilot program for high impact certification under the FedRAMP requirements. The three can now all be included in cloud and hybrid cloud operations used by federal agencies for data in the Controlled Unclassified and Secret categories (Department of Defense agencies also need to assure that SRG guidelines are followed).

The “High” classification is applied to information which the National Institute of Standards and Technology (NIST) standard consider compromising would adversely impact organization’s operations, assets, or individuals. The standards are being developed as part of the Federal Information Security Management (FISMA) act, which, among other things, is developing “Standards for categorizing information and information systems by mission impact.”

Amazon’s US Government cloud, which was launched in 2011, is a separate cloud from the standard AWS cloud services and was designed to meet the needs of government agencies for their hybrid and public cloud services. The AWS US Government Cloud Region includes Amazon Elastic Cloud Compute (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), Amazon Identity and Access Management (IAM), and Amazon Elastic Block Store (EBS).,  According to Amazon, the service currently meets the requirements for US International Traffic in Arms Regulations (ITAR), Criminal Justice Information Services (CJIS) requirements, as well as Levels 2 and 4 for DoD systems, along with certification for FedRAMP low, medium, and high impact data.