The Defense Information Systems Agency (DISA) has authorized 10 additional AWS services in the AWS Secret Region for production workloads at the Department of Defense (DoD) Impact Level (IL) 6 under the DoD’s Cloud Computing Security Requirements Guide (DoD CC SRG). With this authorization at DoD IL 6, DoD Mission Owners can process classified and mission critical workloads for National Security Systems in the AWS Secret Region. The AWS Secret Region is available to the Department of Defense on the AWS’s GSA IT Multiple Award Schedule.
AWS successfully completed an independent evaluation by members of the Intelligence Community (IC) that confirmed AWS effectively implemented 859 security controls using applicable criteria from NIST SP 800-53 Rev 4, the DoD CC SRG, and the Committee on National Security Systems Instruction No. 1253 at the Moderate Confidentiality, Moderate Integrity, and Moderate Availability impact levels.
The 10 AWS services newly authorized by DISA at IL 6 provide additional choices for DoD Mission Owners to use the capabilities of the AWS Cloud in service areas such as compute and storage, management and developer tools, analytics, and networking. With the addition of these 10 newly authorized AWS services (listed with links below), AWS expands the capabilities for DoD Mission Owners to use a total of 36 services and features.
Compute and Storage:
- Amazon Elastic Container Registry (Amazon ECR): Reliably store, manage, and deploy containers for your applications.
- Amazon Elastic Container Service (Amazon ECS): Use a fully managed secure container orchestration service to run the most sensitive and mission critical applications.
- AWS Lambda: Run code without provisioning or managing servers and pay only for the compute time consumed.
- AWS Snowball Edge: Undertake local processing and edge-computing workloads in addition to transferring data between your local environment and the AWS cloud.
Management and Developer Tools:
- AWS Personal Health Dashboard: Monitor, manage, and optimize your AWS environment with a personalized view into the performance and availability of the AWS services underlying your AWS resources.
- AWS Systems Manager: Automatically collect software inventory, apply OS patches, create system images, configure Windows and Linux operating systems, and seamlessly bridge your existing infrastructure with AWS.
- AWS CodeDeploy: A fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and on-premises servers.
- AWS Data Pipeline: Reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals.
- AWS PrivateLink: Use secure private connectivity between Amazon Virtual Private Cloud (Amazon VPC), AWS services, and on-premises applications on the AWS network, and eliminate the exposure of data to the public internet.
- AWS Transit Gateway: Easily connect Amazon VPC, AWS accounts, and on-premises networks to a single gateway.
Newly authorized AWS services and features at DoD Impact Level 6
- Amazon Elastic Container Registry (ECR)*
- Amazon Elastic Container Service (ECS)*
- AWS CodeDeploy*
- AWS Data Pipeline
- AWS Lambda
- AWS Personal Health Dashboard
- AWS PrivateLink*
- AWS Snowball Edge
- AWS Systems Manager
- AWS Transit Gateway*
* Note: Service is DISA IL 6 authorized, but not Generally Available (GA) to customers.
Existing authorized AWS services and features at DoD Impact Level 6
- Amazon CloudWatch
- Amazon DynamoDB (DDB)
- Amazon Elastic Block Store (EBS)
- Amazon Elastic Compute Cloud (EC2)
- Amazon Elastic Compute Cloud (EC2) – Auto Scaling
- Amazon Elastic Compute Cloud (EC2) – Elastic Load Balancing (ELB) (Classic and Application Load Balancer)
- Amazon ElastiCache
- Amazon Kinesis Data Streams
- Amazon Redshift
- Amazon S3 Glacier
- Amazon Simple Notification Service (SNS)
- Amazon Simple Queue Service (SQS)
- Amazon Simple Storage Service (S3)
- Amazon Simple Workflow (SWF)
- Amazon Virtual Private Cloud (VPC)
- AWS CloudFormation
- AWS CloudTrail
- AWS Config
- AWS Database Migration Service (DMS)
- AWS Direct Connect (Dx)
- AWS Identity and Access Management (IAM)
- AWS Key Management Service (KMS)
- Amazon Relational Database Service (RDS) (including MariaDB, MySQL, Oracle, Postgres, and SQL Server)
- AWS Snowball
- AWS Step Functions
- AWS Trusted Advisor
To learn more about AWS solutions for DoD, please see our AWS solution offerings. Follow the AWS Security Blog for future updates on our Services in Scope by Compliance Program page. If you have feedback about this post, let us know in the Comments section below.
Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.