Amazon Web Services (AWS GovCloud) has been granted “provisional authorization status” by the U.S. Defense Information Systems Agency.
This designation signifies that the GovCloud is authorized for data management under certain security classifications, between Level 3 to Level 5 on the Department of Defense (DoD), Cloud Security Model (CSM).
Based on guidelines from FedRAMP, the CSM categorizes DoD data in six “impact levels.” Level 1 data is the least sensitive and Level 6 data is the most sensitive. According to this DISA document, Levels 3 through 5 include “controlled unclassified data.”
“As part the Level 3-5 Authorization our partners and DoD customer will be able implement a wide variety of DoD requirements to protect their data at these level, including AWS Direct Connect routing into the DoD’s network and comprehensive computer network defense coverage and Common Access Card integration,” said Jeff Barr, chief AWS evangelist in a blog post.
“DoD agencies can now use AWS GovCloud’s compliant infrastructure for all but the level 6 (classified workloads) workloads,” stated Chad Woolf in a separate post.
AWS was approved for Level 1 & Level 2, which include publicly available and unclassified data. This approval was made back in March. These levels were approved for AWS GovCloud as well as AWS East and AWS West.