Amazon Cloud Achieves Key Federal Security Standard - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud

Amazon Cloud Achieves Key Federal Security Standard

AWS infrastructure, storage, and virtual private cloud service get FISMA Moderate certification.

Top 20 Government Cloud Service Providers
(click image for larger view)
Slideshow: Top 20 Government Cloud Service Providers
Key pieces of Amazon Web Services' (AWS) cloud-computing infrastructure have achieved certification with the federal standard for IT security solutions, making the services a more viable option for adoption among federal agencies.

The General Services Administration has awarded AWS' Elastic Compute Cloud (EC2), Simple Storage Service (S3), Virtual Private Cloud (VPC), as well as the infrastructure on which they run, Moderate Authorization and Accreditation with the Federal Information Security Management Act (FISMA), the company said Thursday. Created and maintained by the National Institute for Standards and Technology (NIST), FISMA is a key hurdle for companies to pass to ensure their solutions can meet the security needs of the federal government.

The move marks the first time AWS has received a FISMA Moderate authority to operate, and the company was required to implement and operate an extensive set of security configurations and controls to achieve it. They included documenting the management, operational, and technical processes used to secure the physical and virtual infrastructure of cloud services, as well as conducting third-party audits of these activities, according to AWS.

"Security remains our top priority, and we continue to pursue certifications that provide our customers with the resources they need to confidently and securely deploy mission-critical applications in the AWS cloud," Stephen Schmidt, chief information security officer for Amazon Web Services, said in a press statement.

The federal government already is leveraging EC2 for some of its cloud moves. The Department of Treasury, for instance, earlier this year migrated four existing websites and hosted a new, revamped site on AWS' cloud infrastructure. The Federal Register 2.0 at the National Archives, the Supplemental Nutrition Assistance Program at the U.S. Department of Agriculture, and NASA's Jet Propulsion Laboratory also are AWS cloud customers, according to the company.

Indeed, cloud computing infrastructure providers like AWS, Microsoft, and Google have been competing mightily for federal business, and achieving FISMA certification is a key step for them to win the confidence of agencies in terms of security.

However, there has been contention over claims of FISMA compliance among them in the past. Last year, Microsoft accused Google of falsely claiming FISMA compliance for its Google Apps for Government cloud-based application suite, accusations Google denied.

Security professionals often view compliance as a burden, but it doesn't have to be that way. In this report, we show the security team how to partner with the compliance pros. Download the report here. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
AI Regulation: Has the Time Arrived?
John Edwards, Technology Journalist & Author,  2/24/2020
News
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
Slideshows
IT Careers: 10 Job Skills in High Demand This Year
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/3/2020
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll