Amazon Web Services recognized by GovRAMP Federal JAP Attestation

We are pleased to announce that Amazon Web Services (Amazon Web Services) is now listed on the GovRAMP Authorized Product List under the GovRAMP Federal JAB Attestation category for both Amazon Web Services GovCloud (US) (High) and Amazon Web Services US East/West (Moderate) regions. GovRAMP—formerly known as StateRAMP—is a nonprofit organization that provides a standardized framework designed specifically for state and local governments in the United States (US) to ensure cloud security compliance.

Similar to FedRAMP but tailored to state and local government needs, GovRAMP provides a consistent approach to security assessment, authorization, and continuous monitoring for cloud products and services. This Provisional Authorization to Operate (P-ATO) recognizes Amazon Web Services GovCloud (US) as a secure environment in which to run highly sensitive government workloads, including Personally Identifiable Information (PII), sensitive student and patient records, financial data, research data, health data, and other Controlled Unclassified Information (CUI).

StateRAMP rebranded to GovRAMP in Q1 of fiscal year 2025 to better reflect its expanded scope beyond state governments. Originally created by state officials in 2021, the organization attracted interest from local governments and educational institutions to support the “whole-of-state” cybersecurity model where services are shared across different government levels. These developments demonstrate the exciting evolution of cloud computing usage within US state and local governments. We’re seeing a growing number of US state and local government agencies using Amazon Web Services to better protect and secure their sensitive data and critical workloads, leveraging the advanced security and control features that Amazon Web Services provides. To date, more than 11,000 government entities worldwide have utilized Amazon Web Services, and we anticipate this high baseline P-ATO will broaden the use of Amazon Web Services across city, county, and state agencies.

This recognition of our FedRAMP authorization as meeting GovRAMP requirements showcases Amazon Web Services’s commitment to customer security and compliance requirements, and applies to both the Amazon Web Services GovCloud (High) and Amazon Web Services US East/West (Moderate) regions, including Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), Amazon Identity and Access Management (IAM), and Amazon Elastic Block Store (EBS). Launched in 2011, the Amazon Web Services GovCloud (US) Region is isolated and designed to host sensitive workloads in the cloud. Amazon Web Services GovCloud (US) also adheres to US International Traffic in Arms Regulations (ITAR), Criminal Justice Information Services (CJIS) requirements, and Levels 2 and 4 of Department of Defense systems. To learn more about Amazon Web Services’s GovRAMP compliance, visit this webpage.

If you have additional questions about GovRAMP, contact us, or if you would like to learn more about compliance in the cloud, see our Amazon Web Services Cloud Compliance page.

Lauren Cline

Lauren is a security compliance specialist at Amazon Web Services who leads security compliance initiatives to accelerate Amazon Web Services service adoption across the federal government and state governments. With over 15 years of experience in compliance, risk management, and information security, she brings extensive expertise to safeguarding cloud infrastructures. A Certified Information Systems Security Professional (CISSP) from ISC² and holder of a bachelor's degree in Management Information Systems from East Carolina University, Lauren leverages her technical knowledge and educational background to navigate the complex landscape of security compliance. In her role, she ensures Amazon Web Services services meet rigorous security standards, building trust and enabling customers to confidently leverage Amazon Web Services technologies.