Amazon Web Services, Microsoft Azure and the lesser known CSRA Inc. have landed a key authorization from the U.S. government that gives federal agencies permission to use their cloud-computing services to store highly sensitive data.

The three companies’ clouds (AWS GovCloud, Azure GovCloud and CSRA’s ARC-P IaaS) have all been granted provisional authority that allows them to provide services under the highest baseline of the government’s tough Federal Risk and Authorization Management Program (FedRAMP) standards for cloud computing services.

More than 400 security controls are present in the FedRAMP’s high baseline. Now that AWS, Microsoft and CRSA have all been granted approval, their clouds can be used for the most sensitive of workloads, which includes storing citizens’ personal information.

The award is notable for all three companies because the U.S. government spends around half of its $80 billion annual IT budget on systems covered by that high baseline, said FedRAMP in a blog post. “That’s huge!”, the organization helpfully pointed out.

“These security requirements will be used to protect some of the government’s most sensitive, unclassified data in cloud computing environments,” FedRAMP added. “This release allows agencies to use cloud environments for high-impact data, including data that involves the protection of life and financial ruin.”

With AWS’s GovCloud now approved for FedRAMP’s high baseline, government agencies have a much “simplified path” to transitioning their most sensitive data to the public cloud, noted Teresa Carlson, vice president for the worldwide public sector at AWS, in a statement.

FedRAMP said its high baseline standards are aligned with the those of the U.S. National Institute of Standards and Technology, which classifies data as “high risk” if a security breach would lead to a severe impact on the assets, operations or people at an organization.

Image credit: tpsdave via pixabay