AWS GovCloud First To Earn High-Level Federal Security Approval
The Amazon Web Services (AWS) GovCloud service has become the first commercial cloud provider to earn "provisional authorization" status by the U.S. Defense Information Systems Agency (DISA).
The designation means the GovCloud is authorized to manage data that falls under a certain security classification, between Level 3 and Level 5 on the Department of Defense (DoD) Cloud Security Model (CSM).
The CSM, which is based on guidelines outlined by the Federal Risk and Authorization Management Program (FedRAMP), categorizes DoD data into six "impact levels," with data on Level 1 being the least sensitive and data on Level 6 being the most sensitive. Levels 3 to 5 encompass "controlled unclassified information," according to this DISA document.
"As part of the Level 3-5 Authorization, our partners and DoD customers will be able to implement a wide range of DoD requirements necessary to protect their data at these levels, including AWS Direct Connect routing to the DoD's network, comprehensive computer network defense coverage, and Common Access Card (CAC) integration," wrote Jeff Barr, chief AWS evangelist, in a blog post.
"Simply put, DoD agencies can now use AWS GovCloud's compliant infrastructure for all but level 6 (classified) workloads," said Chad Woolf, director of risk and compliance at AWS, in a separate post.
AWS was approved for Level 1 and Level 2, which comprise publicly available and unclassified data, back in March. The approval for these levels was for AWS GovCloud, as well as the AWS East and AWS West regions.