FedRAMP Authorized — Moderate Impact
VMware Cloud on AWS GovCloud by Broadcom (VMware). 6 compliance features verified.
VMware Cloud on AWS GovCloud
by Broadcom (VMware)
Impact Level
Moderate
Status
Authorized
Pricing
enterprise
Authorization Date: June 14, 2021 | Sponsoring Agency: DHS
Overview
VMware Cloud on AWS GovCloud enables government organizations to extend their existing VMware environments to the cloud without re-architecting applications. It provides a consistent infrastructure and operations model across on-premises and cloud environments. The service runs on dedicated AWS GovCloud infrastructure.
Key Features
Certifications & Authorizations
Deployment Options
NIST 800-171 Compliance Coverage
How to Procure VMware Cloud on AWS GovCloud for Defense Contracts
VMware Cloud on AWS GovCloud is available through GSA Multiple Award Schedule (MAS) 70, SEWP V, and CIO-SP3 contract vehicles. Government pricing includes significant discounts compared to commercial rates, typically 10-25% reduction through GSA negotiated pricing. The authorization boundary must clearly define the SDDC cluster boundaries, network segmentation between tenants, and data flow between on-premises and cloud environments in your System Security Plan (SSP). Contracting officers must approve the cloud service provider agreement, data location restrictions (AWS GovCloud regions only), and ensure proper FISMA authorization inheritance documentation. Typical procurement timeline spans 90-120 days including technical evaluation, security assessment review, and contract negotiation. For DFARS 252.239-7010 compliance, ensure the contract includes adequate security provisions and covered defense information handling requirements. Include this service in your CMMC assessment boundary if processing Controlled Unclassified Information (CUI), documenting network architecture, access controls, and data protection measures. The service inherits AWS GovCloud infrastructure controls while VMware provides the virtualization layer security controls, requiring clear delineation of responsibility matrices in procurement documentation.
Compliance Cross-References
VMware Cloud on AWS GovCloud directly supports DFARS 252.204-7012 compliance by providing FedRAMP Moderate authorized infrastructure for CUI processing with appropriate access controls (AC family), system and communications protection (SC family), and comprehensive audit logging (AU family). The platform satisfies DFARS 252.239-7010 cloud computing requirements through its dedicated GovCloud deployment model and government-only tenant isolation. For NIST 800-171 compliance, the service addresses Access Control (AC.2.005-AC.2.016) through vSphere identity management integration, System and Communications Protection (SC.3.177-SC.3.191) via NSX micro-segmentation and encryption, and Audit and Accountability (AU.3.046-AU.3.049) through vRealize Log Insight and native AWS CloudTrail integration. CMMC Level 2 domain alignment includes Asset Management through vCenter inventory controls, Access Control via role-based permissions, Configuration Management through vSphere configuration baselines, and System and Information Integrity via VMware security patches and vulnerability management. DoD Cloud Computing SRG IL2/IL4 requirements are met through the platform's dedicated government cloud architecture, cryptographic controls, and continuous monitoring capabilities.
Defense Contractor Use Case
Defense contractors use VMware Cloud on AWS GovCloud to migrate existing VMware-based workloads to the cloud without refactoring, maintaining operational consistency while gaining cloud scalability.
Related Products
More Infrastructure as a Service Products
Frequently Asked Questions
What is the FedRAMP authorization level for VMware Cloud on AWS GovCloud?
VMware Cloud on AWS GovCloud is authorized at the FedRAMP Moderate impact level, with authorization granted on 2021-06-14 sponsored by DHS. The FedRAMP Moderate baseline includes approximately 325 security controls covering confidentiality, integrity, and availability.
Can defense contractors use VMware Cloud on AWS GovCloud for CUI?
VMware Cloud on AWS GovCloud is authorized at the FedRAMP Moderate baseline. While FedRAMP Moderate covers a broad range of government data, defense contractors handling CUI should carefully evaluate whether Moderate controls meet their specific DFARS 252.204-7012 and NIST 800-171 requirements. Some CUI categories may require FedRAMP High authorization depending on the sensitivity of the data and contract requirements.
How does VMware Cloud on AWS GovCloud pricing compare to commercial?
VMware Cloud on AWS GovCloud government pricing is typically negotiated on an enterprise basis and may differ from commercial list prices. Government and defense contractor pricing often includes compliance overhead that can make it 15-30% higher than commercial equivalents. However, volume discounts, GSA Schedule pricing, and multi-year commitments can help offset these costs. Contact Broadcom (VMware) directly or check GSA Advantage for current government pricing.
Browse All FedRAMP Authorized Tools
Search and filter 80+ FedRAMP authorized products for your defense contracting needs.
Open FedRAMP FinderTrack VMware Cloud on AWS GovCloud FedRAMP compliance updates with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days