has achieved Federal Information Security Management Act (FISMA) Moderate authorization and accreditation from the General Services Administration (GSA).Amazon continues to woo government agencies for their cloud business. The company announced today that it
The FISMA accreditation covers three Amazon services: Elastic Compute Cloud (EC2), Simple Storage Service (S3) and Virtual Private Cloud (VPC). What does this mean?
According to the AWS info page on the accreditation, it covers an "extensive set of security configuration and controls" along with requirements to document management, operational, and "technical prowess" to secure the physical and virtual infrastructure. It also requires third party audits.
FISMA certification might sound like a pretty dull topic, but it's enough to get providers like Google and Microsoft into a spat. AWS joins Google App Engine and Microsoft's Business Productivity Online Services (BPOS), which also have FISMA Moderate accreditation.
In addition to FISMA, AWS has PCI DSS Level 1, FIPS 140-2, ISO 27001, and SAS-70 type II. See the NIST page on FISMA for more information about the act.