Amazon Web Services has developed a framework meant to help agencies and vendors architect Trusted Internet Connection-ready cloud computing tools that comply with the Federal Risk and Authorization Management Program’s moderate baseline security requirements.
The Guidance for TIC Readiness on AWS was produced after the cloud service provider completed its FedRAMP-Trusted Internet Connection Overlay testing program, Chad Woolf, AWS’ director of risk and compliance, said in a blog entry posted Wednesday.
“The goal of the pilot was to help develop and test a new way of architecting access to cloud-based services with TIC capabilities that would maintain a high level of security—mapped to FedRAMP security controls—and still provide a friendly and accessible government user experience,” Woolf noted.
He added AWS worked with the FedRAMP Program Office Management Office, the General Services Administration‘s 18F organization, the Department of Homeland Security and Veris Group to conduct the analysis.
Veris found that 80 percent of all architectures used during the FedRAMP-TIC Overlay test are covered by an authority-to-operate certification that AWS currently holds.
According to Woolf, AWS clients can use data from the company’s TIC mobile assessment effort to implement architectures as part of their virtual perimeter security platforms.