AWS Services in Scope by Compliance Program

Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 


This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

 

Click here for full list of services covered under the AWS compliance programs.


Services going through DoD CC SRG assessment and authorization will have the following status:

  • Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment
  • Defense Information Systems Agency (DISA) Review: This service is currently undergoing a DISA review

* Services not within the scope of DISA review. As such, DISA has issued neither an approval nor disapproval decision regarding this product under the DoD CC SRG. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent Mission Owner approval.
** Denotes the service is Impact Level 6 authorized, but not Generally Available (GA) in the region.

DoD CC SRG Last updated: December 9, 2024
SERVICES / PROGRAMS SDKs DoD CC SRG IL2 (East/West) DoD CC SRG IL2 (GovCloud) DoD CC SRG IL4 (GovCloud) DoD CC SRG IL5 (GovCloud) DoD CC SRG IL6 (AWS Secret Region)
Amazon AppFlow
appflow        
Amazon API Gateway apigateway
Amazon AppStream 2.0 appstream  
Amazon Athena** athena
Amazon Aurora MySQL  
Amazon Aurora PostgreSQL  
Amazon Bedrock bedrock  
Amazon Chime chime        
Amazon Chime SDK chime
identity-chime
media-pipelines-chime
messaging-chime
meetings-chime
voice-chime
 
Amazon Cloud Directory clouddirectory  
Amazon CloudFront [excludes content delivery through Amazon CloudFront Embedded Point of Presences] cloudfront        
Amazon CloudWatch cloudwatch
Amazon CloudWatch Logs logs
Amazon Cognito cognito-idp, cognito-identity, cognito-sync  
Amazon Comprehend comprehend  
Amazon Comprehend Medical comprehendmedical  
Amazon Connect connect  
Amazon Data Firehose firehose
Amazon DataZone datazone 3PAO Assessment        
Amazon Detective detective  
Amazon DevOps Guru devops-guru        
Amazon DocumentDB (with MongoDB compatibility) docdb DISA Review DISA Review  
Amazon DynamoDB dynamodb
Amazon EC2 Image Builder imagebuilder
Amazon Elastic Block Store (EBS) ebs
Amazon Elastic Compute Cloud (EC2) ec2
Amazon Elastic Container Registry (ECR) ecr
Amazon Elastic Container Service (ECS) ecs
Amazon Elastic File System (EFS) efs
Amazon Elastic Kubernetes Service (EKS) eks
Amazon ElastiCache elasticache
Amazon Elastic MapReduce (EMR) emr
Amazon EventBridge events, pipes
Amazon FinSpace finspace        
Amazon Forecast forecast        
Amazon FSx fsx  
Amazon GuardDuty guardduty  
Amazon Inspector inspector2  
Amazon Inspector Classic inspector  
Amazon Kendra kendra  
Amazon Keyspaces (for Apache Cassandra) keyspaces  
Amazon Kinesis Data Streams kinesis
Amazon Lex runtime.lex, models.lex  
Amazon Location Service location        
Amazon Macie macie2        
Amazon Managed Service for Apache Flink [formerly Amazon Kinesis Data Analytics] kinesisanalytics  
Amazon Managed Streaming for Apache Kafka (Amazon MSK) kafka  
Amazon MemoryDB memorydb        
Amazon MQ mq  
Amazon Neptune neptune-db  
Amazon OpenSearch Service opensearch
Amazon Pinpoint and End User Messaging pinpoint  
Amazon Polly polly  
Amazon Quantum Ledger Database (QLDB) qldb        
Amazon QuickSight quicksight  
Amazon RDS for MariaDB rds
Amazon RDS for MySQL rds
Amazon RDS for Oracle rds
Amazon RDS for Postgres rds
Amazon RDS for SQL Server rds
Amazon Redshift redshift
Amazon Rekognition rekognition  
Amazon Route 53 route53
Amazon S3 Glacier glacier
Amazon SageMaker sagemaker
Amazon Security Lake securitylake 3PAO Assessment 3PAO Assessment      
Amazon Simple Email Service (SES) ses  
Amazon Simple Notification Service (SNS) sns
Amazon Simple Queue Service (SQS) sqs
Amazon Simple Storage Service (S3) s3
Amazon Simple Workflow Service (SWF) swf
Amazon Textract textract  
Amazon Timestream for LiveAnalytics timestream  
Amazon Transcribe transcribe  
Amazon Translate translate  
Amazon Virtual Private Cloud (VPC) ec2
Amazon WorkDocs workdocs        
Amazon WorkSpaces workspaces
Amazon WorkSpaces Secure Browser workspaces-web        
AWS Application Auto Scaling application-autoscaling  
AWS Application Migration Service (MGN) mgn DISA Review DISA Review  
AWS App Mesh appmesh        
AWS Artifact* artifact  
AWS Audit Manager auditmanager        
AWS Backup backup  
AWS Batch batch  
AWS Billing Conductor* billingconductor  
AWS Budgets* budgets  
AWS Certificate Manager (ACM) acm  
AWS Chatbot chatbot        
AWS Cloud9 cloud9        
AWS Cloud Map servicediscovery  
AWS CloudFormation cloudformation
AWS CloudHSM cloudhsm  
AWS CloudShell    
AWS CloudTrail cloudtrail
AWS CodeBuild codebuild  
AWS CodeCommit codecommit  
AWS CodeDeploy codedeploy
AWS CodePipeline codepipeline  
AWS Compute Optimizer compute-optimizer    
AWS Config config
AWS Control Tower controltower  
AWS Cost and Usage Reports*    
AWS Cost Explorer* ce  
AWS Database Migration Service (DMS) dms
AWS DataSync datasync
AWS Diode      
AWS Direct Connect directconnect
AWS Directory Service ds
AWS Edge Hub*    
AWS Elastic Beanstalk elasticbeanstalk  
AWS Elastic Disaster Recovery (DRS) drs      
AWS Elemental MediaConvert mediaconvert  
AWS Elemental MediaLive          
AWS Entity Resolution entityresolution        
AWS Fault Injection Service fis  
AWS Firewall Manager fms  
AWS Glue glue  
AWS Glue DataBrew databrew  
AWS Ground Station groundstation        
AWS Health Dashboard health
AWS HealthLake healthlake        
AWS HealthOmics omics        
AWS Identity and Access Management (IAM) iam, sts
AWS IAM Identity Center sso    
AWS IoT Core iot  
AWS IoT Device Defender    
AWS IoT Device Management iot  
AWS IoT Events iotevents  
AWS IoT Greengrass greengrass  
AWS IoT SiteWise iotsitewise    
AWS IoT TwinMaker iottwinmaker    
AWS Key Management Service (KMS) kms
AWS Lambda lambda
AWS License Manager license-manager
AWS Mainframe Modernization m2        
AWS Managed Services (AMS)    
AWS Management Console*    
AWS Marketplace*  
AWS Network Firewall network-firewall  
AWS Network Manager networkmanager DISA Review DISA Review  
AWS Outposts (Software)** outposts
AWS Organizations organizations  
AWS Private Certificate Authority acm-pca  
AWS Resource Access Manager (AWS RAM) ram
AWS Resilience Hub resiliencehub        
AWS Resource Groups resource-groups  
AWS Secrets Manager secretsmanager
AWS Security Hub securityhub  
AWS Serverless Application Repository serverlessrepo  
AWS Service Catalog servicecatalog  
AWS Service Quotas* service-quotas  
AWS Shield (Standard and Advanced) shield        
AWS Signer signer        
AWS Snowball snowball
AWS Snowball Edge snowball
AWS Step Functions stepfunctions
AWS Storage Gateway storagegateway  
AWS Systems Manager ssm
AWS Transfer Family transfer  
AWS Trusted Advisor trustedadvisor
AWS Verified Access (AVA)   3PAO Assessment 3PAO Assessment      
AWS Web Application Firewall (WAF) wafv2  
AWS Web Application Firewall Classic (WAF Classic) waf-regional  
AWS Well-Architected Tool wellarchitected  
AWS Wickr wickr  
AWS X-Ray xray  

*Services not within the scope of JAB review. As such, the JAB team has issued neither an approval nor disapproval decision regarding this product under FedRAMP. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent agency approval.  

Want More Information About Services in Scope?