Amazon Web Services’ hosted storage and computing products have achieved FISMA Moderate certification, the company announced Thursday, Sept. 15.
Federal Information Security Management Act (FISMA) certification requires federal agencies to develop and implement information security program based on risk-based assessments, including for work managed by a contractor.
The configurations and controls required by FISMA Moderate are “extensive,” according to Amazon, and include third-party audits and process documentation.
Public-sector customers — including Recovery.gov, Treasury.gov and the Federal Register — are using the Amazon Elastic Compute Cloud for flexible computing power, and also the online retailer’s private cloud and storage offerings. The company has established a partitioned “GovCloud” specifically for government customers.
With the addition of FISMA Moderate, Amazon Web Services now has PCI DSS Level 1, FIPS 140-2, ISO 27001, and SAS-70 type II certifications, the company said.
“By meeting the Federal government’s requirements for FISMA Moderate, agencies can rapidly expand their cloud computing footprint, deploying sensitive government data and applications on [Amazon Web Services] while continuing to comply with the government’s unique and rigorous security requirements,” said Stephen Schmidt, the company's chief information security officer, in a statement.
FISMA certification has become an important milestone in the burgeoning cloud computing market, as earlier this year Microsoft and Google got into a spat about which company’s products were truly FISMA-compliant.