Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Cloud Government United States IT Your Rights Online

Amazon Launches 'AWS GovCloud' 26

wiredmikey writes "Amazon Web Services today announced 'AWS GovCloud,' a new AWS Region designed to allow U.S. government agencies and contractors to move IT applications and systems into the cloud by addressing their specific regulatory and compliance requirements. Previously, government agencies with data subject to Compliance regulations such as the International Trade and Arms Regulation (ITAR), which governs how organizations manage and store defense-related data, were unable to process and store data in the cloud that the federal government mandated be accessible only by U.S. persons. AWS said that it will screen customers prior to providing access to the AWS GovCloud, helping to ensure customers are 'U.S. Persons,' not subject to export restrictions."
This discussion has been archived. No new comments can be posted.

Amazon Launches 'AWS GovCloud'

Comments Filter:
  • Skynet!!!!
  • Despite the vague phrasing of the article, AWS GovCloud hasn't yet received any FISMA certification which means they're going to have a very hard time getting anyone in gov't to use them seriously.

    • According to Amazon Web Services, and as mentioned in the article, GovCloud "supports existing AWS security controls and certifications such as FISMA, SAS-70, ISO 27001" -- So it seems as though you are incorrect on the fact that GovCloud hasn't received FIMSA certification.

      • Not sure. But I do know that "supports" != "has".

        • They say "supports" because it is up to the developer to have the application that uses the GovCloud be certified. All they are saying is "Our services will not prevent you from writing applications that can fulfill these certifications"
          • by chill ( 34294 )

            Not true. As defined by NIST 800-60 and FIPS 199, you aren't talking about an application, but rather an "information system". NIST 800-53 defines minimum security requirement.

            The system includes physical security, physical computers, etc. and not just a software application. The equipment, location and methods used by AWS would need to be evaluated as part of these information systems.

            While that can't be done without the application, there are parts of 800-53's minimum security requirements that would appl

    • by dlgeek ( 1065796 )

      FISMA AWS enables U.S. government agency customers to achieve and sustain compliance with the Federal Information Security Management Act (FISMA). AWS has been certified and accredited to operate at the FISMA-Low level. AWS has also completed the control implementation and successfully passed the independent security testing and evaluation required to operate at the FISMA-Moderate level. AWS is currently pursuing a certification and accreditation to operate at the FISMA-Moderate level from government agencies.

      --Amazon Web Services: Risk and Compliance [cloudfront.net]

      • by chill ( 34294 )

        Thanks. I had only read the parent to that [amazon.com] and hadn't yet dug into the whitepaper.

        Your quote confirms what I suspected might be the case: FISMA low with medium being pursued. Interesting...

  • This would be nice if this was available to US citizens as well. It would provide some certainty to where one's own data resides, and that they're not outside the US's jurisdiction. That, and you wouldn't have much more than geographic placement.

    • by MBCook ( 132727 )

      For S3, you have to specify the home region of your storage. As far as I know, your storage is not copied in the other regions, that's what CloudFront is for. I believe EC2 is also setup in regions and your VM stays where you created it.

      Why do you think that signing up for Amazon's cloud means your data will go overseas?

    • > This would be nice if this was available to US citizens as well

      No need. I can already kick the power cord out of the wall on my own stuff, any time I want.

    • It would provide some certainty to where one's own data resides, and that they're not outside the US's jurisdiction.

      This isn't something unique to GovCloud; you can (must?) set your s3 buckets/ec2 instances up in a specific availability zone, which determines the location of your data.

      Other than the restriction to US persons and the requirement that EC2 instances are launched within a VPC, we didn't make any other changes to our usual operational systems or practices. In other words, the security profile o

  • That wants downtime and lost data in the EC2 cloud.

  • And Then ... (Score:4, Insightful)

    by StormyMonday ( 163372 ) on Wednesday August 17, 2011 @12:06AM (#37115290) Homepage

    ... Outsource support and system management to Mumbai. What could possibly go wrong?

  • by Anonymous Coward

    Honeypot or target painter? You decide.

  • No, what is stopping the government from moving to the cloud is crazy NIST requirements in some of the archaic parts of NIST SP800-53. If they can give me a fully certified compliant system you would seem movement in droves.

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry