Re: See Teresa Takai's take on JAB vs Agency ATO
Thanks for raising issue regarding JAB vs agency authorization and its scope. When the JAB gives a cloud service "Provisional Authority to Operate" it has satisfied the CIO offices at DOD, DHS and GSA, as opposed to a single agency. some would say that carries more weight. But the the FedRAMP authoriztion by an agency, as HHS did with Amazone Web Services, satisfies the same requirements.
Of equal importance, and thanks for raising this also, FedRAMP authoritiy lapplies to a specific service. AWS, for instance has more than three dozen cloud services across multiple regions. What HHS appoved was two infrastructure services that specifically meet HHS' requirements. Other agencies can now build on those services, but that does not mean other AWS services share the FedRAMP seal of approval.