Three vendors, including Microsoft and Amazon Web Services, have won a key U.S. government authorization that allows federal agencies to put highly sensitive data on their cloud-computing services.
The AWS GovCloud, Microsoft’s Azure GovCloud, and CSRA’s ARC-P IaaS have received provisional authority to offer services under the high baseline of the government’s Federal Risk and Authorization Management Program (FedRAMP), a set of security standards for cloud services.
The FedRAMP high baseline, including more than 400 security controls, allows federal agencies to use AWS for highly sensitive workloads, including personal information, AWS said Thursday.
About half of the U.S. government’s annual US$80 billion IT budget is spent on systems covered by the high baseline, FedRAMP noted in a blog post. “That’s huge!” FedRAMP wrote.
“These security requirements will be used to protect some of the government’s most sensitive, unclassified data in cloud computing environments,” the blog post said. “This release allows agencies to use cloud environments for high-impact data, including data that involves the protection of life and financial ruin.”
The FedRAMP high baseline for AWS gives agencies a “simplified path” to move their sensitive data to the cloud service, Teresa Carlson, vice president for the worldwide public sector at AWS, said in a press release.
The FedRAMP high baseline is aligned with the U.S. National Institute of Standards and Technology’s security controls, which classify data as high risk if a compromise would severely affect an organization’s operations, assets, or people.