May 21, 2013, 7:55 AM — Amazon Web Services has finally received certification under the Federal Risk and Authorization Management Program, which the company said will lower the cost of implementing its cloud services among government organizations and agencies in the U.S.
FedRAMP is a mandatory government-wide program that standardizes security assessment, authorization, and monitoring for cloud products and services. As part of the program, Amazon has been granted two so-called Agency Authorities to Operate (ATOs) by the U.S. Department of Health and Human Services, it said.
One ATO covers the GovCloud "region" of AWS infrastructure, and the other the U.S. East/West regions of its cloud infrastructure. Within those boundaries, agencies can use Amazon's EC2 compute cloud, Simple Storage Service (S3) and Elastic Block Store (EBS). They can also use its Virtual Private Cloud (VPC), which allows IT staff to create an isolated section of Amazon's cloud where they can launch resources in a virtual network defined by themselves, including public subnets, private subnets, and hardware VPN access.
In a recent interview, Stephen Schmidt, chief information security officer at Amazon Web Services, talked about how he looked forward to getting a FedRAMP certification.
Today some organizations are more capable of performing a good review than others are, but the FedRAMP program will iron out those differences and raise the security bar across the government space, Schmidt said at the time.
The advantages of FedRAMP also include significant savings in cost, time and resources, because government organizations and agencies can rely on FedRAMP instead of doing their own evaluations, according to Amazon.
Intrigued agencies and federal contractors can request access to the ATO packages by submitting a FedRAMP Package Access Request Form, Amazon wrote in an FAQ related to the announcement