The Defense Information Systems Agency (DISA) has authorized 15 additional AWS services in the AWS Secret Region for production workloads at the Department of Defense (DoD) Impact Level (IL) 6 under the DoD’s Cloud Computing Security Requirements Guide (DoD CC SRG). The authorization at DoD IL 6 allows DoD Mission Owners to process classified and mission-critical workloads for National Security Systems in the AWS Secret Region. The AWS Secret Region was built as part of the Commercial Cloud Services (C2S) contract and is available to the DoD on the AWS GSA IT70 schedule.
The AWS services successfully completed an independent evaluation by members of the Intelligence Community (IC), which confirmed that the AWS services effectively implemented 859 security controls using applicable criteria from NIST SP 800-53 Rev 4, the DoD CC SRG, and the Committee on National Security Systems Instruction No. 1253 at the Moderate Confidentiality, Moderate Integrity, and Moderate Availability impact levels.
The 15 AWS services newly authorized by DISA at IL 6 provide additional choices for DoD Mission Owners to leverage the capabilities of the AWS Cloud in service areas such as compute, storage, database, networking, and security, bringing our total IL 6 authorizations to 26 services as listed below.
Authorized AWS services and features at DoD Impact Level 6
- Amazon CloudWatch
- Amazon DynamoDB
- Amazon Elastic Block Store
- Amazon Elastic Compute Cloud (including VM Import/Export)
- Amazon EC2 Auto Scaling
- Amazon ElastiCache
- Amazon Kinesis Data Streams
- Amazon Redshift
- Amazon Relational Database Service (including MariaDB, MySQL, Oracle, PostgreSQL, and SQL Server)
- Amazon S3 Glacier
- Amazon Simple Notification Service
- Amazon Simple Queue Service
- Amazon Simple Storage Service
- Amazon Simple Workflow
- Amazon Virtual Private Cloud
- AWS CloudFormation
- AWS CloudTrail
- AWS Config
- AWS Database Migration Service
- AWS Direct Connect
- AWS Identity and Access Management
- AWS Key Management Service
- AWS Snowball
- AWS Step Functions
- AWS Trusted Advisor
- Elastic Load Balancing (Classic and Application Load Balancer)
To learn more about AWS solutions for DoD, please see our AWS solution offerings. Follow the AWS Security Blog for future updates on our Services in Scope by Compliance Program page. If you have feedback about this blog post, let us know in the Comments section below.
Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.