AWS, Microsoft cloud win US government security approval

Three vendors are authorized to handle highly sensitive government data

Three cloud vendors have won U.S. government security authorization.
Credit: ©IDG Communications, Inc. Photo contributed by Matthew Mikaelian

Three vendors, including Microsoft and Amazon Web Services, have won a key U.S. government authorization that allows federal agencies to put highly sensitive data on their cloud-computing services.

The AWS GovCloud, Microsoft's Azure GovCloud, and CSRA's ARC-P IaaS have received provisional authority to offer services under the high baseline of the government's Federal Risk and Authorization Management Program (FedRAMP), a set of security standards for cloud services.

The FedRAMP high baseline, including more than 400 security controls, allows federal agencies to use AWS for highly sensitive workloads, including personal information, AWS said Thursday.

About half of the U.S. government's annual US$80 billion IT budget is spent on systems covered by the high baseline, FedRAMP noted in a blog post. "That's huge!" FedRAMP wrote.

"These security requirements will be used to protect some of the government’s most sensitive, unclassified data in cloud computing environments," the blog post said. "This release allows agencies to use cloud environments for high-impact data, including data that involves the protection of life and financial ruin."

The FedRAMP high baseline for AWS gives agencies a "simplified path" to move their sensitive data to the cloud service, Teresa Carlson, vice president for the worldwide public sector at AWS, said in a press release.

The FedRAMP high baseline is aligned with the U.S. National Institute of Standards and Technology's security controls, which classify data as high risk if a compromise would severely affect an organization's operations, assets, or people. 

Download the CIO October 2016 Digital Magazine
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies