19 additional AWS services authorized at DoD Impact Level 5 for AWS GovCloud (US) Regions

I’m excited to share that the Defense Information Systems Agency (DISA) has authorized 19 additional AWS services at Impact Level (IL) 5 and four services at IL 4 in the AWS GovCloud (US) Regions.

With these additional 19 services, a total of 80 AWS services and features at IL4 and IL 5 are authorized and available for DoD Mission Owners to process under the DoD’s Cloud Computing Security Requirements Guide (DoD CC SRG). DISA’s authorization demonstrates that AWS effectively implemented over 421 security controls using applicable criteria from NIST SP 800-53 Rev. 4, the US General Services Administration’s FedRAMP High baseline, and DoD CC SRG for Impact Level 5.

The authorization at DoD IL 4 and IL 5 allows DoD Mission Owners to process controlled unclassified information (CUI) and to include mission critical workloads for National Security Systems in AWS GovCloud (US) Regions. This authorization supplements the full range of U.S. Government data classifications supported on AWS. AWS remains the only cloud service provider accredited to address the full range, including Unclassified, Secret, and Top Secret.

The recently authorized AWS services and features at DoD Impact Levels 5 include the following:

  1. Amazon AppStream 2.0 (also authorized at IL 4)
  2. Amazon Cloud Directory
  3. Amazon Comprehend
  4. Amazon Kinesis Data Firehose
  5. Amazon Route 53
  6. Amazon Transcribe
  7. Amazon Translate
  8. AWS CodeBuild
  9. AWS CodeCommit
  10. AWS DataSync
  11. AWS Elemental MediaConvert (also authorized at IL 4)
  12. AWS IoT Greengrass
  13. AWS License Manager
  14. AWS Organizations
  15. AWS Secrets Manager (also authorized at IL 4)
  16. AWS Serverless Application Repository (also authorized at IL 4)
  17. AWS Service Catalog
  18. AWS Trusted Advisor
  19. AWS Web Application Firewall (WAF)

The addition of the 19 new services will allow DoD Mission Owners and their developers from the Defense Industrial Base to use the newly authorized AWS services and features to solve critical mission challenges as shown below:

DevOps:

  • Leverage a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy using AWS CodeBuild.
  • Use a fully managed source control service to collaborate on code in a secure and highly scalable system with AWS CodeCommit.

Artificial Intelligence / Machine Learning and Big Data:

  • Uncover the insights and relationships in unstructured data and text using Amazon Comprehend.
  • Accurately transcribe and translate large volumes of text using Amazon Transcribe and Amazon Translate.
  • Easily move large amounts of data online between on-premises storage and storage services (i.e., Amazon S3 and Amazon Elastic File System) using AWS Data Sync and reliably load streaming data into data lakes, data stores, and analytics services using Amazon Kinesis Data Firehose.

Administration and Security:

  • Create and manage licenses and catalogs of IT services that are approved for use on AWS (i.e., AWS License Manager and AWS Service Catalog).
  • Provide scalable workload management with AWS Organizations.
  • Optimize real-time workload provisioning guidance with AWS Trusted Advisor.
  • Rotate, manage, and retrieve credentials with AWS Secrets Manager.
  • Protect web applications using AWS Web Application Firewall (WAF).

IAM, IoT, Networking, Serverless, Tactical Edge:

  • Organize hierarchies of data along multiple dimensions using Amazon Cloud Directory.
  • Store, share, and deploy applications through a serverless architecture using AWS Serverless Application Repository.
  • Build out and connect Internet of Things (IoT) environments with AWS IoT Greengrass.
  • Efficiently route traffic to Internet applications with Amazon Route53.
  • Enable file-based video transcoding with AWS Elemental Media Convert.
  • Centrally manage and securely deliver desktop applications to any computer with Amazon AppStream 2.0.

Figure 1 below highlights the new services now available to DoD Mission Owners.

Figure 1: The new AWS services now available, broken out into categories.

Figure 1: The new AWS services now available, broken out into categories.

To learn more about AWS solutions for DoD, please see our AWS solution offerings. Follow the AWS Security Blog for future updates on our Services in Scope by Compliance Program page. If you have feedback about this post, let us know in the Comments section below.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.

Author

Tyler Harding

Tyler is the DoD Compliance Program Manager within AWS Security Assurance. He has over 20 years of experience providing information security solutions to federal civilian, DoD, and intelligence agencies.