FedRAMP Authorized — High Impact
AWS GovCloud (US) by Amazon Web Services. 6 compliance features verified.
Impact Level: High | Status: Authorized | Pricing: enterprise
Authorization Date: July 18, 2018 | Sponsoring Agency: DoD
Overview
AWS GovCloud provides isolated cloud infrastructure designed to host sensitive data and regulated workloads in the cloud. It meets stringent U.S. government compliance requirements including ITAR, EAR, and DoD SRG Impact Levels 2, 4, and 5. AWS GovCloud regions are operated by employees who are U.S. citizens on U.S. soil.
How to Procure AWS GovCloud (US) for Defense Contracts
AWS GovCloud is available through GSA MAS Contract 47QTCA18D008Y, SEWP V Contract NNG15SC03B, and CIO-SP3 OASIS contracts. Government pricing is typically 10-15% below commercial rates through these vehicles. Contracting officers must approve the System Security Plan (SSP) boundary definition, ensuring only GovCloud services within the FedRAMP authorization boundary are utilized. The authorization package includes 1,200+ pages of security documentation, control implementation details, and continuous monitoring procedures. Procurement timeline typically requires 60-90 days for initial Authority to Operate (ATO), including security review of planned service usage, data classification verification, and interconnection security agreements.

For CMMC assessments, clearly define which GovCloud services handle CUI and ensure all selected services maintain IL4+ certification. Request the AWS Customer Responsibility Matrix to document shared security model boundaries. Include GovCloud usage in your System Security Plan with specific service configurations, data flows, and encryption implementations. Verify that contractor personnel accessing GovCloud maintain required citizenship and background investigations per contract requirements.
Compliance Cross-References
AWS GovCloud directly supports DFARS 252.204-7012 compliance through IL4/IL5 certified infrastructure meeting CUI protection requirements. For DFARS 252.239-7010 cloud services, GovCloud's FedRAMP High authorization and continuous monitoring satisfy government cloud security standards. NIST 800-171 control families are addressed comprehensively: Access Control (AC) through AWS IAM and MFA enforcement, System and Communications Protection (SC) via FIPS 140-2 encryption and network segmentation, and Audit and Accountability (AU) through CloudTrail logging and monitoring. CMMC Level 2 domains align with GovCloud capabilities: Access Control through centralized identity management, Configuration Management via AWS Config compliance monitoring, Identification and Authentication using PKI certificates, and System and Information Integrity through automated vulnerability scanning. DoD Cloud Computing SRG requirements for data location, personnel security, and supply chain risk management are inherently satisfied within the GovCloud environment's isolated regions and vetted infrastructure.
Defense Contractor Use Case
Defense contractors use AWS GovCloud to host CUI, process classified-adjacent workloads, and run mission-critical applications that require FedRAMP High and DoD IL4/IL5 authorization.
Frequently Asked Questions
What is the FedRAMP authorization level for AWS GovCloud (US)?
AWS GovCloud (US) is authorized at the FedRAMP High impact level, with authorization granted on 2018-07-18 and sponsored by DoD. The FedRAMP High baseline includes approximately 421 security controls and is the most rigorous authorization level.
Can defense contractors use AWS GovCloud (US) for CUI?
Yes, AWS GovCloud (US) is authorized at the FedRAMP High baseline, which is suitable for protecting CUI. Defense contractors can use this platform for processing, storing, and transmitting CUI in compliance with NIST 800-171 and DFARS 252.204-7012 requirements. The High baseline provides the most comprehensive set of security controls for cloud services.
How does AWS GovCloud (US) pricing compare to commercial?
AWS GovCloud (US) government pricing is typically negotiated on an enterprise basis and may differ from commercial list prices. Government and defense contractor pricing often includes compliance overhead that can make it 15-30% higher than commercial equivalents. However, volume discounts, GSA Schedule pricing, and multi-year commitments can help offset these costs. Contact Amazon Web Services directly or check GSA Advantage for current government pricing.