Skip to content ↓ | Skip to navigation ↓

Amazon GovCloud is an isolated Amazon Web Service (AWS) designed to allow customers and the U.S government agencies to move their confidential data into the cloud to address their compliance and specific regulatory requirements. It runs under ITAR, the U.S. International Traffic in Arms Regulations. With this cloud service, US citizens can run workloads that contain any government-oriented or controlled information data in the AWS GovCloud region. The service offers features such as FIPS 140-2 endpoints as well as logical and physical, administrative access to citizens of the United States only.

Its users can also use unique capabilities and run unclassified workloads depending on their requirements. AWS is also responsible for managing logical and physical controls for its boundary. However, the overall security of the data moved into the AWS cloud is shared responsibly, where the data owner controls access to the content in their account. The AWS also provides details on setting up an account, and it has features that can distinguish a U.S. account from others. It also defines usage guidelines to allow users to process ITAR-regulated data within their region. Its guide assumes that users are familiar with the services offered by Amazon Web Services.

Where Is the AWS GovCloud Service Located?

The AWS GovCloud region is located in the Northwestern and Northeastern parts of the United States. It comes with two joint authorization boards, where one covers the eastern areas and the other one the western region. Customers can use AWS Artifact to request immediate access to their account at any point. However, government customers might need to submit a request to the compliance agency to access the Amazon Web Service. It supports various existing AWS certifications and security controls and offers the same level of security as other regions. Customers can find these controls in the AWS compliance page. However, the AWS GovCloud provides the ability for U.S. citizens to access the areas through their FIPS endpoints.

What Are the ITAR Requirements?

These are a set of regulations that control the importing and exporting of related technical data and defense-related services and articles on the USML, the United States Munitions List. In its relevant parts, ITAR requires that items listed on the list be shared with citizens of the United States. AWS uses U.S. citizens to manage its GovCloud region, and it can enable customers to architect their solutions in areas where ITAR data is involved. Unlike ISO 27001, AWS GovCloud regions don’t have formal certification. However, AWS has recently conducted a review of their FedRamp authorization and GovCloud areas to ensure the cloud service supports customers and comply with ITAR compliant systems.

What Does a Protected Article Mean?

Under ITAR, a protected article refers to any technical data stored in either a digital or document file. However, that information should contain information related to services or items designated in the United States Mutinous List. ITAR compliance helps ensure that its sensitive data doesn’t reach foreign nations or foreign persons. However, as a provider of IaaS services, AWS isn’t responsible for exporting data as contemplated by export control laws such as ITAR. As a result, the law disallows the AWS to have an export compliance program. Nonetheless, AWS facilitates all its clients with ITAR requirements to restrict their access to the network controlled by AWS to the citizens of the United States. That allows customers to manage their compliance obligations while storing their data and processing it in their respective AWS GovCloud Region.

How to Access the AWS GovCloud Region?

Additional to the requirements needed for an associated AWS account, the holder of AWS GovCloud accounts requires user access credentials and a separate account ID. Only U.S. citizens can access this region, but this isn’t subject to persons that comply with U.S. control regulations and laws and export restriction. Qualified customers can use their AWS management console to request access to their account, but they can still contact a representative of their AWS at their region.

Can All Government Agencies Use AWS GovCloud?

AWS serves entities that are required or choose to utilize only a U.S. cloud environment. However, users that don’t want to use a U.S. cloud environment can resort to other AWS regions, which comes with moderate controls. However, all government agencies must sign an agreement to gain access to their AWS regions. You might need to fill out the contact form or contact a representative in your respective region to access your AWS GovCloud Region. Members can use their AWS GovCloud accounts to power a variety of their IT workloads and apps, including Microsoft Windows Server and Enterprise Application. AWS support is available 24 hours in all regions, but a customer of AWS GovCloud, one has to contact the support team a day via email, phone or chat.

Tripwire understands the security demands faced by federal government agencies. Security decision makers at these agencies aren’t only tasked with securing operations in a complex threat landscape—they also have to prove regulatory compliance at the same time.

Explore how three U.S. federal government agencies leverage Tripwire to overcome their challenges in FISMA compliance, breach detection, and security in the cloud. Read all about it here:

About the Author: Matt Davida is an avid writer with a passion for all things technology. He particularly specialized in programming and cyber security. When he is not writing he enjoys teaching karate at his local dojo.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.