Press Release

Veris Group, LLC dba Coalfire Federal Completes FedRAMP High JAB Assessment of additional AWS GovCloud (US) services

January 10, 2017

Amazon CloudWatch Logs, AWS CloudTrail and Amazon RDS [MySQL, Oracle, PostgreSQL engines] on AWS GovCloud (US) are approved for use by FedRAMP at the High categorization level


WESTMINSTER, CO – January 10, 2017Veris Group, LLC dba Coalfire Federal has announced today that it has completed the independent assessment of three additional services within the Amazon Web Services (AWS) GovCloud (US) under the Federal Risk and Authorization Management Program (FedRAMP). These services were all assessed at the FIPS 199 High security categorization level, which is the highest categorization level of the FedRAMP program. The services receiving FedRAMP JAB provisional Authority to Operate (ATO) are:

  • Amazon CloudWatch Logs
  • AWS CloudTrail
  • Amazon Relational Database Service (RDS) MySQL, Oracle, and PostgreSQL engines

FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

Acting as the FedRAMP third party assessment organization (3PAO) for AWS, Veris Group, LLC dba Coalfire Federal validated that these additional services met the FedRAMP security requirements for high impact level systems. The original AWS GovCloud (US) ATO issued by the FedRAMP JAB included its five core services. This authorization increases that number to eight services approved to date. More information on the approval of these AWS services can be found on the AWS Security Blog.

“This is an important authorization. SaaS and PaaS providers pursuing FedRAMP authorization that leverage underlying infrastructure providers like AWS can only use approved services in their environment. These three additional AWS services are some of the most widely used services within the AWS service set. With this provisional ATO in place, SaaS and PaaS providers that sit on top of AWS can now utilize these services to add additional security functionality to their cloud offerings,” said Michael Carter, VP, GRC/Cyber Readiness & Engineering at Veris Group.

Cloud service providers preparing for the FedRAMP process with another 3PAO or considering FedRAMP should contact Coalfire to provide an independent review of their readiness or progress towards FedRAMP.

About Coalfire

Coalfire is the trusted leader in cybersecurity risk management and compliance services. Coalfire integrates advisory and technical assessments and recommendations to the corporate directors, executives, boards, and IT organizations for global brands and organizations in the technology, cloud, healthcare, retail, payments, and financial industries. Coalfire’s approach addresses each business’s specific vulnerability challenges, developing a long-term strategy to prevent security breaches and data theft. Coalfire has offices throughout the United States and Europe. For more information, visit