Amazon Web Services and Microsoft both said today that parts of their respective cloud offerings have won federal certification as being secure, allowing the government to use them for sensitive patient records, financial data, law-enforcement data and other controlled but unclassified information.
The AWS GovCloud (US), an isolated portion of Amazon’s cloud launched in 2011 and designed to host sensitive workloads, got a provisional authority to operate from the federal Joint Authorization Board under the newly created Federal Risk and Authorization Management Program (FedRAMP) high baseline, AWS said. That baseline is a standardized set of more than 400 security requirements based on controls outlined by the National Institute of Standards and Technology. Data is classified as “high” if its compromise would severely affect an organization’s operations, assets or individuals.
“We’re excited . . . to recognize AWS as having achieved the most rigorous FedRAMP level to date,” said Matthew Goodrich, FedRAMP director, in a prepared statement. Meeting the baseline gives agencies “a simplified path to moving their highly sensitive workloads to AWS,” said Teresa Carlson, vice president of AWS’s worldwide public sector, in the same statement. More than 2,300 government customers worldwide are already using AWS Cloud, and this certification can extend their uses, she said.
The AWS GovCloud (US) Region offers services including Elastic Cloud Compute, Virtual Private Cloud, Simple Storage Service, Identity and Access Management and Elastic Block Store, AWS said. In addition to FedRAMP, it adheres to U.S. International Traffic in Arms Regulations (ITAR) and Criminal Justice Information Services requirements, as well as Levels 2 and 4 for DoD systems.
Microsoft’s Azure Government won the same FedRAMP provisional authority, which Goodrich in a statement called “a testament to Microsoft’s ability to meet the government’s rigorous security requirements.” The company successfully completed a FedRAMP high pilot in March.
Azure has also won provisional authorization to deal with Level 4 DoD data and with ITAR, Microsoft said. Details on its secure cloud are available here.