FedRAMP  issues ‘high’ approval for AWS services

FedRAMP issues ‘high’ approval for AWS services

When the Federal Risk and Authorization Management Program released the FedRAMP high-security baseline last June, Amazon Web Services' GovCloud was among the first platforms approved. And on Jan. 5, the FedRAMP Joint Authorization Board issued provisional authorities to operate for three additional services in the AWS GovCloud. 

The Amazon Relational Database Service can help agencies manage MySQL, Oracle and Postgres databases in the cloud. Amazon CloudWatch Logs can be used to monitor various system and application logs for problems, patterns or specific phrases. And AWS CloudTrail, according to the company, "is a web service that records AWS API calls for accounts and delivers log files to the user."

According to the FedRAMP website, the General Services Administration is the only agency so far to take advantage of the AWS GovCloud High authorization, but Teresa Carlson, AWS's vice president for public sector worldwide, voiced confidence that more high-baseline cloud deployments are coming.

"We are constantly listening to our customers and work to deliver more services to help accelerate their missions," she said in announcing the approvals. "We are thrilled to offer these three new services that meet the FedRAMP High baseline."

The high baseline allows cloud service providers to handle and store data that, if compromised, could severely hurt organizational operations, assets or people in the federal agency that hired the provider. FedRAMP Director Matt Goodrich said when the baseline was finalized that FedRAMP High was needed for roughly half of the federal government's IT systems to be able to move to the cloud.

Microsoft's Azure Government platform and Global Foundation Services for Government Offering, and Autonomic Resources' ARC-P infrastructure-as-a-service offering also have earned FedRAMP High ATOs, and are being used by multiple agencies.

This article was first posted to FCW, a sister site to GCN.

About the Author

Troy K. Schneider is editor-in-chief of FCW and GCN.

Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.

Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.

Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.


inside gcn

  • data analytics (Alfa Photo/Shutterstock.com)

    How analytics can help agencies fight fraud

Reader Comments

Tue, Jan 10, 2017 Steve Kerney Kennedy Space Center, FL

Is it possible to have a federal agency act as the NIST SP 800-37R1 leveraging organization and establish some type of formal relationship with a commercial entity such as AWS with the latter acting as the owning organization using the 800-37R1 leveraged authorization approach even though this Special Publication references both organizations as federal agencies? And, if so, would the owning organization be likely to let the leveraging organization review their authorization package for risk factor consideration? Is this what the GSA did?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group