Amazon FSx for NetApp ONTAP is authorized for Department of Defense (DoD) Cloud Computing Security Requirements Guide (CC SRG) Impact Levels 2, 4, and 5 in the Amazon Web Services (AWS) GovCloud (US) Regions and Impact Level 2 in AWS US Regions.
The U.S. Defense Information Systems Agency (DISA) (of the U.S. Department of Defense (DoD)), is responsible for maintaining and publishing the DoD Cloud Computing Security Requirements Guide (CC SRG). The CC SRG defines the baseline security requirements that DoD uses to evaluate the security posture of a cloud service provider (CSP) and its offerings. DISA supports an authorization process whereby CSPs can furnish documentation attesting to the security compliance with CC SRG standards of their cloud service offering. DISA assesses their compliance, and, when appropriate, grants a DoD provisional authorization. This reduces the time necessary for DoD agencies and supporting organizations to engage the CSP to host DoD missions.
The DoD CC SRG defines four impact levels (IL2, IL4, IL5, and IL6) based on the sensitivity of DoD information stored and processed in the cloud, and the potential impact if there were a loss of confidentiality, integrity, or availability of that information.
Amazon FSx for NetApp ONTAP is authorized through Amazon Web Services (AWS) for the U.S. DoD CC SRG. AWS has been assessed and approved as a cloud service provider at Impact Level 2 for the US East and US West Regions and at Impact Levels 4 and 5 for the AWS GovCloud (US).
These authorizations mean that agencies that were previously restricted to on premises or cloud.gov can take advantage of the speed and flexibility of both hybrid cloud and dedicated AWS Cloud environments. Government entities can now deploy critical workloads there.
Amazon FSx for NetApp ONTAP
The P-ATOs for Amazon FSx for NetApp ONTAP are held by Amazon Web Services as part of AWS Commercial Cloud and AWS GovCloud DoD CC SRG authorizations. They are listed on AWS Services in Scope by Compliance Program (DoD CC SRG).
Read the SRG in its entirety, including the full definitions of the security control baselines defined for all impact levels.
Get information about the NetApp® products and services that meet U.S. FedRAMP criteria.