Yesterday, we picked up on a bit of big news … Amazon and their AWS service officially received the stamp of approval in meeting FedRAMP in coordination with the US Department of Health and Human Services (HHS). It’ been three years in the making since the government announced FedRAMP and now Amazon joins the elite with only two other approved cloud offerings that include CGI Federal and Autonomic Resources.
The covered regions include Amazon Web Service (AWS) US East/West as well as their GovCloud (US) offering and can include systems at both the low and moderate risk impact levels evaluated per NIST 800-53 Rev. 3 – moderate baseline requirements, plus additional FedRAMP security controls.
Now don’t get too excited here … this isn’t as simple as throwing your systems into Amazon AWS and receiving an Authority to Operate (ATO). FedRAMP simply covers the “infrastructure” pieces of the vast FISMA puzzle. So although Amazon simplifies the approval process by covering a large swath of required controls, users must still closely develop and operate their systems keeping a large group of controls in mind.
For those interested in leveraging Amazon’s AWS HHS ATO packages, simply complete this form and email it to [email protected] with the message subject “Leverage Authorization.” Additional information on Amazon’s FedRAMP approval can be found in their press release as well as their very informative FAQ.
Will FedRAMPing systems into the cloud really make authorization easier and more secure? Let us know in the comments below. Today’s post pic is from GCN.com. See ya!