News
AWS Scores High-Level Federal Cloud Security Approval
The U.S. Defense Information Systems Agency (DISA) has approved Amazon Web Services (AWS) to handle more sensitive data for the Department of Defense (DoD).
AWS, via its GovCloud offering, is the first commercial cloud provider to receive a "provisional authorization" to manage data that falls between Level 3 and Level 5 on the DoD's Cloud Security Model (CSM), the company announced on Thursday.
The CSM, which is based on guidelines outlined by the Federal Risk and Authorization Management Program (FedRAMP), categorizes DoD data into six "impact levels," with data on Level 1 being the least sensitive and data on Level 6 being the most sensitive. Levels 3 to 5 encompass "controlled unclassified information," according to this DISA document.
"As part of the Level 3-5 Authorization, our partners and DoD customers will be able to implement a wide range of DoD requirements necessary to protect their data at these levels, including AWS Direct Connect routing to the DoD's network, comprehensive computer network defense coverage, and Common Access Card (CAC) integration," wrote Jeff Barr, chief AWS evangelist, in a blog post.
"Simply put, DoD agencies can now use AWS GovCloud's compliant infrastructure for all but level 6 (classified) workloads," said Chad Woolf, director of risk and compliance at AWS, in a separate post.
AWS was approved for Level 1 and Level 2, which comprise publicly available and unclassified data, back in March. The approval for these levels was for AWS GovCloud, as well as the AWS East and AWS West regions.