I am happy to be able to announce that AWS has achieved a DoD Provisional Authorization for security impact levels 1-2 on all AWS Regions in the United States. This includes US East (Northern Virginia), US West (Northern California), US West (Oregon), and AWS GovCloud (US).
The issuance of the authorization means that U.S. Department of Defense (DoD) agencies can save significant time and money when they evaluate AWS.
Last May we announced that we had achieved FedRAMP compliant Agency ATOs after demonstrating adherence to hundreds of controls. Today, AWS is one of a handful of approved Cloud Service Providers (CSPs) in DISA's Enterprise Cloud Service Broker catalog.
Numerous DoD agencies, systems integrators, and other companies that provide products and services to the U.S. government are already using AWS services. Here are a few examples:
- Secretary of the Navy - First commercially hosted portal on AWS by SPAWAR.
- Navy CIO - Shifting large amounts of publicly hosted data to AWS.
- US Air Force
With today's announcement, DoD agencies can leverage the AWS Provisional Authorization to evaluate AWS for their applications and workloads, provide their own authorizations to use AWS, and transition DoD workloads into the AWS environment. DoD components and federal contractors can immediately request DoD compliance support by submitting a FedRAMP/DoD Compliance Support Request and begin to moving through the authorization process to achieve a DoD ATO for Levels 1-2 with AWS.