Microsoft, Amazon Clouds Get Highest-Level Gov't Approval

The Microsoft Azure and Amazon Web Services (AWS) public clouds are now certified to run highly sensitive workloads from government agencies.

The two companies each announced last week that they have been accredited with the highest level of compliance by the Federal Risk and Authorization Management Program (FedRAMP). CSRA, a provider that offers IT services specifically to government agencies, also reached the long-awaited FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) clearance.

The approvals, which were long expected, pave the way for federal agencies to host the most sensitive, high-impact workloads on the three companies' public clouds, including personally identifiable information, financial data, law enforcement information and other forms of unclassified content. In all, the certification covers 400 different security controls.

Azure and AWS have been FedRAMP-compliant for several years, but only for low-level or moderate workloads. The upgraded FedRAMP status certifies that the approved cloud platforms have "controls in place to securely process high-impact level data -- that is, data that, if leaked or improperly protected, could have a severe adverse effect on organizational operations, assets, or individuals," said Susie Adams, chief technology officer of Microsoft Federal, in a blog post.

Teresa Carlson, public sector vice president of AWS, noted that more than 2,300 government customers worldwide use the AWS cloud. "By demonstrating the security of the AWS Cloud with the FedRAMP High baseline, agencies can confidently use our services for an even broader set of critical mission applications and innovations," Carlson said in a statement.

That baseline, according to AWS, "is mapped to National Institute of Standards and Technology (NIST) security controls, which classify data as 'High' if a compromise would severely impact an organization's operations, assets or individuals."

For Microsoft, the FedRAMP High accreditation covers 13 customer-facing services, including Azure Key Vault, ExpressRoute and Web Apps, "representing a significantly more agile pace of accreditation to the benefit of Federal customers," Adams noted.

For AWS, it covers the "AWS GovCloud (US) region, including Amazon Elastic Cloud Compute (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), Amazon Identity and Access Management (IAM), and Amazon Elastic Block Store (EBS)," according to the company.

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.
