Veris Group (now Coalfire) has announced today that it has completed the independent assessment of three additional services within the Amazon Web Services (AWS) GovCloud (US) under the Federal Risk and Authorization Management Program (FedRAMP). These services were all assessed at the FIPS 199 High security categorization level, which is the highest categorization level of the FedRAMP program. The services receiving FedRAMP JAB provisional Authority to Operate (ATO) are:

  • Amazon CloudWatch Logs
  • AWS CloudTrail
  • Amazon Relational Database Service (RDS) MySQL, Oracle, and PostgreSQL engines

FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

Acting as the FedRAMP third party assessment organization (3PAO) for AWS, Veris Group (now Coalfire) validated that these additional services met the FedRAMP security requirements for high impact level systems. The original AWS GovCloud (US) ATO issued by the FedRAMP JAB included its five core services. This authorization increases that number to eight services approved to date. More information on the approval of these AWS services can be found on the AWS Security Blog.

“This is an important authorization. SaaS and PaaS providers pursuing FedRAMP authorization that leverage underlying infrastructure providers like AWS can only use approved services in their environment. These three additional AWS services are some of the most widely used services within the AWS service set. With this provisional ATO in place, SaaS and PaaS providers that sit on top of AWS can now utilize these services to add additional security functionality to their cloud offerings,” said Michael Carter, VP, GRC/Cyber Readiness & Engineering at Veris Group.

Cloud service providers preparing for the FedRAMP process with another 3PAO or considering FedRAMP should contact Coalfire to provide an independent review of their readiness or progress towards FedRAMP.

About Coalfire
Coalfire is the trusted leader in cybersecurity risk management and compliance services. Coalfire integrates advisory and technical assessments and recommendations to the corporate directors, executives, boards, and IT organizations for global brands and organizations in the technology, cloud, healthcare, retail, payments, and financial industries. Coalfire’s approach addresses each business’s specific vulnerability challenges, developing a long-term strategy to prevent security breaches and data theft. Coalfire has offices throughout the United States and Europe. For more information, visit www.Coalfire.com.