AWS Cloud Security
This document provides important information for US customers that have high security standards on cloud services and require FedRAMP compliance.
FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services. -- aws.amazon.com
Cloud Service Providers who want to offer their services to the US government must be FedRAMP compliant.
AWS and FedRAMP
AWS is FedRAMP compliant and offers the following services that meet different requirements:
- AWS GovCloud (FedRAMP High)
- East/West (FedRAMP Moderate)
Refer to the official AWS FedRAMP documentation for more information: FedRAMP
Deployment of b+s Connects for ServiceNow
As described in the Deployment chapter, b+s utilizes AWS public cloud services to deliver our product to customers using a global network of edge locations (CDN).
The CDN consists of the following AWS services that are in scope of FedRAMP:
| AWS service | AWS FedRAMP scope | Documentation |
|---|---|---|
| Amazon CloudFront | FedRAMP Moderate (East/West) | https://docs.aws.amazon.com/cloudfront/ |
| Amazon Simple Storage Service (S3) | FedRAMP High (GovCloud) | https://docs.aws.amazon.com/s3/ |
Amazon Cloudfront is a global delivery network, caching the data in AWS edge locations. This means that the gadget is loaded from edge locations closest to clients, which may or may not be one of the East/West regions mentioned above.