The Commerce Department certified two Amazon Web Services cloud offerings on June 8, granting authority to operate (ATO) to AWS GovCloud and AWS East/West in support of the agency's big data initiatives.
Commerce officials used existing ATOs through the Federal Risk and Authorization Management Program (FedRAMP) to certify both services were secure enough to host the department's data safely while making it available through the cloud.
"As 'America's Data Agency,' the Department of Commerce intrinsically understands and appreciates that a 'cloud first' strategy is critical in maximizing the power of open data in order to facilitate the conditions for economic growth and opportunity," Commerce CIO Steve Cooper said June 8, citing NOAA's efforts to push more data out to the public and the newly established Commerce Data Service as examples.
Through the FedRAMP process, the Office of the CIO "has determined that the risk to agency operations, agency assets or individuals resulting from the operation of these systems is acceptable," Cooper said. "We believe it is a great milestone for the department and will be a catalyst for future data products and services that we create for the American people."
As part of the FedRAMP process, agencies are able to use ATOs from other departments as a baseline to certify cloud offerings, rather than restarting the whole process from scratch.
"Commerce is doing exactly what FedRMAP is designed for — reusing authorizations to reduce the time to grant an authorization and eliminate duplicative spending on authorization efforts," FedRAMP Agency Evangelist Ashley Mahan said. "Commerce's authorization is representative of one of the latest trends we're seeing at FedRAMP — a major increase in reuse of authorizations, with over a 200 percent increase in these authorizations within the last six months alone."
However, in a post on LinkedIn, Cooper and Commerce Deputy Chief Data Officer Tyrone Grandison noted that components within Commerce will have to do their own due diligence before using the AWS services.
"Even though this authority is issued for the Commerce Department, the CIOs of the individual bureaus within the department must arrive at their own determination," they wrote. "Our determination provides guidance and a path for our own internal direction."