Launching a New Era of Government Cloud Security

By Dave Levy, Vice President, Amazon Web Services

The FedRAMP Authorization Act was recently signed into law as part of the defense authorization bill, a signal that cloud technologies continue to have a permanent place in helping U.S. government agencies deploy secure and innovative solutions to accomplish their missions.

Through this legislation, policy leaders on Capitol Hill and in the Biden administration further recognize the important role that industry partners play in improving the security and resilience of government services.

Government cloud security begins with the Federal Risk and Authorization Management Program, or FedRAMP. FedRAMP is a program that standardizes security assessment, authorization, and monitoring for the use of cloud services throughout the U.S. federal government. The program was authorized in 2011 through a memorandum from the Office of Management and Budget (OMB), and the General Services Administration (GSA) established the program office for it in 2012.

Though in existence for ten years, FedRAMP had not been formally codified in legislation. In this time, we’ve seen meaningful improvements in the ways government agencies leverage cloud technology to improve how they deliver services and achieve their missions. From its adoption by the Intelligence Community to leveraging cloud technologies in its space missions, government agencies have demonstrated that cloud technologies allow them to rapidly deploy systems that are secure, resilient, and agile. Cloud technologies also allow them to do more, for less, and at a faster pace than imagined possible ten years ago.

Amazon Web Services (AWS) applauds Congress and the White House for bolstering cloud adoption and security package reuse through the FedRAMP Authorization Act, a piece of legislation led by U.S. Congressman Gerry Connolly, D-Va., to codify the FedRAMP program. With this bill signed into law as part of the National Defense Authorization Act, there is recognition for the important role that the cloud plays in securing federal systems – and the role FedRAMP plays in ensuring that security.

Safeguarding the security of our federal systems is more important now than ever. With the volume and sophistication of cybersecurity attacks increasing, coupled with evolving geopolitical security threats around the world, the U.S. Government must ensure that it is leveraging best-in-class security services to deliver its critical missions. Further, the “do once, reuse many times” ethos of FedRAMP will save money for mission teams across government as teams optimize security by leveraging existing system security packages.

Industry has a key role to play in this equation. For example, the FedRAMP Authorization Act creates the Federal Secure Cloud Advisory Committee, which would be tasked with ensuring coordination of agency acquisition, authorization, adoption, and use of cloud computing technologies. The committee will serve as a new method of formally engaging with industry partners to improve the way cloud accreditations are managed in government, and align the use of those services with agency missions and priorities. A joint group of government and industry partners such as this committee will help the FedRAMP program evolve to solve the toughest security challenges facing the U.S. government today.

Security is our top priority, and AWS has been architected to be the most flexible and secure cloud computing environment available today. Both the AWS GovCloud region, which is a region specifically designed to meet the U.S. Government’s security and compliance needs, and AWS US East-West regions have been granted FedRAMP authorizations.

AWS supports FedRAMP, as we have from the very beginning. U.S. government agencies are embracing cloud in existing programs and missions, and they are building new services with cloud technologies. Formally codifying the FedRAMP program through legislation ensures the U.S. government can leverage industry-leading cloud services, safeguard federal systems, and better support the delivery of critical citizen services in an evolving security landscape.

Dave Levy is Vice President at Amazon Web Services, where he leads its U.S. government, nonprofit and public sector healthcare businesses.