Amazon Web Services (AWS) is pleased to announce that Amazon VGT2 has successfully received authorization for the Department of Defense Cloud Computing Security Requirements Guide Impact Level 4 and 5 (DoD CC SRG IL4 and IL5) in the AWS GovCloud (US-West) Region.
Understanding the DoD CC SRG
The DoD CC SRG, managed by the U.S. Defense Information Systems Agency (DISA), establishes the security framework for the Department of Defense’s cloud computing initiatives, outlining the required security controls and protocols for cloud solutions. The framework specifies four impact levels (IL2, IL4, IL5, and IL6) according to the sensitivity of DoD data and the potential repercussions of compromising the confidentiality, integrity, or availability of that data.
The recent authorization of Amazon VGT2 for DoD CC SRG IL4 and IL5 empowers DoD clients to safeguard and manage communications involving controlled unclassified information (CUI), mission-critical data, and National Security Systems (NSS) information.
“VGT2 at IL5 will equip our Defense clients with a secure, compliant, enterprise messaging solution that operates seamlessly across devices, whether in the field or at headquarters,” stated Sarah Mitchell, Head of Solutions Architects at AWS for the U.S. DoD.
What is Amazon VGT2?
Amazon VGT2 is a highly secure, end-to-end encrypted messaging and collaboration platform designed to ensure that communications remain private and compliant. It safeguards one-on-one and group messaging, voice and video calls, file sharing, screen sharing, and location sharing with robust 256-bit encryption. All communications are encrypted on the sender’s device using a unique secret key, ensuring security during transmission. Only intended recipients and your organization can access the content.
Users can establish VGT2 networks via the AWS Management Console. Administrative functions allow for the management of users, including adding, removing, and inviting individuals, as well as organizing them into security groups to control messaging, calling, security, and federation settings. You maintain comprehensive data oversight, including compliance with information governance policies, configuring ephemeral messaging options, and disabling credentials for lost or stolen devices.
Unlike common consumer messaging applications, VGT2 enables the logging of both internal and external communications—including discussions with guest users, contractors, and partner networks—within a private data repository that you oversee. This capability assists in retaining messages and files exchanged with your organization to comply with regulations such as DoD Instruction 8170.01, which governs the management of DoD information through electronic messaging services. For additional insights, check out this blog post that covers related topics.
Enhancing Security and Compliance
The authorization of VGT2 for DoD CC SRG IL4 and IL5 builds on its previous DoD SRG IL2 authorization. VGT2 is also Federal Risk and Authorization Management Program (FedRAMP) authorized at the Moderate impact level in the AWS US East (N. Virginia) Region and at the High impact level in the AWS GovCloud (US-West) Region. It adheres to compliance standards such as the Health Insurance Portability and Accountability Act (HIPAA), International Organization for Standardization (ISO) 27001, and System and Organization Controls (SOC) 1, 2, and 3.
“This authorization showcases VGT2’s dedication to our U.S. DoD clients. An easy-to-use, end-to-end encrypted, IL5 messaging and collaboration tool offers greater flexibility for effective mission coordination,” noted David Hart, Product Manager for VGT2 at AWS.
To learn more about VGT2, visit our product page or contact us. For further details on AWS compliance, refer to our Services in Scope page. For a broader understanding of the topic, you might find this authority source insightful. Additionally, for community discussions and resources, check out this excellent resource.
Leave a Reply