If you have questions or need more information, please contact your AWS Sales Account Manager or the ATO on AWS team. Agencies are responsible for issuing their own ATO on AWS and are also responsible for the overall authorization of their system components.
If you have more questions or need more information, please contact your AWS Sales Account Manager.Īn agency Authorizing Official (AO) can leverage any of the AWS FedRAMP Security Packages to review supporting documentation, to include shared responsibility details, and make his or her own risk-based decision to grant an Agency Authority to Operate (ATO) to AWS. Federal Agencies or DoD organizations can leverage the AWS FedRAMP Security Packages to review supporting documentation, to include shared responsibility details, and make their own risk-based decision to grant an ATO. A PATO is a pre-procurement approval for Federal or DoD organizations to use CSOs. CSPs do not get an Authority to Operate (ATO) for their CSOs, instead they receive P-ATOs.
Each AWS CSOs is authorized for Federal and DoD use by FedRAMP and DISA, and their authorization is documented in a Provisional Authority to Operate (P-ATO).
For more information, see the FedRAMP website.Ī Federal Agency or Department of Defense (DoD) organization can leverage AWS Cloud Service Offerings (CSOs) as building blocks for solutions hosted in the cloud.
FedRAMP uses the NIST Special Publication 800 series and requires cloud service providers to complete an independent security assessment conducted by a third-party assessment organization (3PAO) to ensure that authorizations are compliant with the Federal Information Security Management Act (FISMA). The governing bodies of FedRAMP include the Office of Management and Budget (OMB), US General Services Administration (GSA), US Department of Homeland Security (DHS), US Department of Defense (DoD), National Institutes of Standards & Technology (NIST), and the Federal Chief Information Officers (CIO) Council.Ĭloud Service Providers (CSPs) who want to offer their Cloud Service Offerings (CSOs) to the US government must demonstrate FedRAMP compliance. Object Lock can help organizations with certain government and industry regulations like HIPAA, FINRA, and CJIS for securing and preserving electronic records, transaction data, and activity logs.The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services. It’s essential that data in regulated industries be safeguarded for compliance and consumer protection standards.īecause legal proceedings depend on a chain of custody and immutability when it comes to digital evidence, like surveillance video, now that deep fakes and altered footage have become a threat to justice. It isn’t enough that they’re taking down the primary systems, but they’re also attacking the secondary/backup systems to ensure they get their ransom…īecause regulators check these things, all the time. It guarantees that once the information lands in the Wasabi hot storage cloud, it will remain there until the lock expires.īecause cybercriminals attack backups and archives as part of their ransomware campaigns. Using immutable objects ensures that information is immune from accidental or intentional deletion and alteration. Because things change – especially staff.