AWS Services in Scope by Compliance Program

Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative?

This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

✓ = This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

Click here for full list of services covered under the AWS compliance programs.

Services going through DoD CC SRG assessment and authorization will have the following status:

Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment
Defense Information Systems Agency (DISA) Review: This service is currently undergoing a DISA review

* Services not within the scope of DISA review. As such, DISA has issued neither an approval nor disapproval decision regarding this product under the DoD CC SRG. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent Mission Owner approval.
** Denotes the service is Impact Level 6 authorized, but not Generally Available (GA) in the region.

DoD CC SRG

Last updated: April 14, 2025

SERVICES / PROGRAMS	SDKs	DoD CC SRG IL2 (East/West)	DoD CC SRG IL2 (GovCloud)	DoD CC SRG IL4 (GovCloud)	DoD CC SRG IL5 (GovCloud)	DoD CC SRG IL6 (AWS Secret Region )
HAQM AppFlow	appflow	✓
HAQM API Gateway	apigateway	✓	✓	✓	✓	✓
HAQM AppStream 2.0	appstream	✓	✓	✓	✓
HAQM Athena**	athena	✓	✓	✓	✓	✓
HAQM Aurora MySQL		✓	✓	✓	✓	✓
HAQM Aurora PostgreSQL		✓	✓	✓	✓	✓
HAQM Bedrock	bedrock	✓	✓	✓	✓
HAQM Chime	chime	✓
HAQM Chime SDK	chime identity-chime media-pipelines-chime messaging-chime meetings-chime voice-chime	✓	✓	✓	✓
HAQM Cloud Directory	clouddirectory	✓	✓	✓	✓
HAQM CloudFront [excludes content delivery through HAQM CloudFront Embedded Point of Presences]	cloudfront	✓
HAQM CloudWatch	cloudwatch	✓	✓	✓	✓	✓
HAQM CloudWatch Logs	logs	✓	✓	✓	✓	✓
HAQM Cognito	cognito-idp, cognito-identity, cognito-sync	✓	✓	✓	✓
HAQM Comprehend	comprehend	✓	✓	✓	✓
HAQM Comprehend Medical	comprehendmedical	✓	✓	✓	✓
HAQM Connect	connect	✓	✓	✓	✓
HAQM Data Firehose	firehose	✓	✓	✓	✓	✓
HAQM DataZone	datazone	✓
HAQM Detective	detective	✓	✓	✓	✓
HAQM DevOps Guru	devops-guru	✓
HAQM DocumentDB (with MongoDB compatibility)	docdb	✓	✓	✓	✓
HAQM DynamoDB	dynamodb	✓	✓	✓	✓	✓
HAQM EC2 Image Builder	imagebuilder	✓	✓	✓	✓	✓
HAQM Elastic Block Store (EBS)	ebs	✓	✓	✓	✓	✓
HAQM Elastic Compute Cloud (EC2)	ec2	✓	✓	✓	✓	✓
HAQM Elastic Container Registry (ECR)	ecr	✓	✓	✓	✓	✓
HAQM Elastic Container Service (ECS)	ecs	✓	✓	✓	✓	✓
HAQM Elastic File System (EFS)	efs	✓	✓	✓	✓	✓
HAQM Elastic Kubernetes Service (EKS)	eks	✓	✓	✓	✓	✓
HAQM ElastiCache	elasticache	✓	✓	✓	✓	✓
HAQM Elastic MapReduce (EMR)	emr	✓	✓	✓	✓	✓
HAQM EventBridge	events, pipes	✓	✓	✓	✓	✓
HAQM FinSpace	finspace	✓
HAQM Forecast	forecast	✓
HAQM FSx	fsx	✓	✓	✓	✓
HAQM GuardDuty	guardduty	✓	✓	✓	✓
HAQM Inspector	inspector2	✓	✓	✓	✓
HAQM Inspector Classic	inspector	✓	✓	✓	✓
HAQM Kendra	kendra	✓	✓	✓	✓
HAQM Keyspaces (for Apache Cassandra)	keyspaces	✓	✓	✓	✓
HAQM Kinesis Data Streams	kinesis	✓	✓	✓	✓	✓
HAQM Kinesis Video Streams	kinesisvideo		3PAO Assessment
HAQM Lex	runtime.lex, models.lex	✓	✓	✓	✓
HAQM Location Service	location		✓	✓	✓
HAQM Macie	macie2	✓
HAQM Managed Service for Apache Flink	kinesisanalytics	✓	✓	✓	✓
HAQM Managed Streaming for Apache Kafka (HAQM MSK)	kafka	✓	✓	✓	✓
HAQM MemoryDB	memorydb	✓
HAQM MQ	mq	✓	✓	✓	✓
HAQM Neptune	neptune-db	✓	✓	✓	✓
HAQM OpenSearch Service	opensearch	✓	✓	✓	✓	✓
HAQM Pinpoint and End User Messaging	pinpoint	✓	✓	✓	✓
HAQM Polly	polly	✓	✓	✓	✓
HAQM Q Business	qbusiness	✓
HAQM Q Developer in chat applications [formerly AWS Chatbot]	chatbot	✓
HAQM Quantum Ledger Database (QLDB)	qldb	✓
HAQM QuickSight	quicksight	✓	✓	✓	✓
HAQM RDS for MariaDB	rds	✓	✓	✓	✓	✓
HAQM RDS for MySQL	rds	✓	✓	✓	✓	✓
HAQM RDS for Oracle	rds	✓	✓	✓	✓	✓
HAQM RDS for Postgres	rds	✓	✓	✓	✓	✓
HAQM RDS for SQL Server	rds	✓	✓	✓	✓	✓
HAQM Redshift	redshift	✓	✓	✓	✓	✓
HAQM Rekognition	rekognition	✓	✓	✓	✓
HAQM Route 53	route53	✓	✓	✓	✓	✓
HAQM S3 Glacier	glacier	✓	✓	✓	✓	✓
HAQM SageMaker AI	sagemaker	✓	✓	✓	✓	✓
HAQM Security Lake	securitylake	✓	✓	DISA Review	DISA Review
HAQM Simple Email Service (SES)	ses	✓	✓	✓	✓
HAQM Simple Notification Service (SNS)	sns	✓	✓	✓	✓	✓
HAQM Simple Queue Service (SQS)	sqs	✓	✓	✓	✓	✓
HAQM Simple Storage Service (S3)	s3	✓	✓	✓	✓	✓
HAQM Simple Workflow Service (SWF)	swf	✓	✓	✓	✓	✓
HAQM Textract	textract	✓	✓	✓	✓
HAQM Timestream for LiveAnalytics	timestream	✓	✓	✓	✓
HAQM Transcribe	transcribe	✓	✓	✓	✓
HAQM Translate	translate	✓	✓	✓	✓
HAQM Verified Permissions	verifiedpermissions	3PAO Assessment	3PAO Assessment
HAQM Virtual Private Cloud (VPC)	ec2	✓	✓	✓	✓	✓
HAQM WorkDocs	workdocs	✓
HAQM WorkSpaces	workspaces	✓	✓	✓	✓	✓
HAQM WorkSpaces Secure Browser	workspaces-web	✓
AWS Application Auto Scaling	application-autoscaling		✓	✓	✓	✓
AWS Application Migration Service (MGN)	mgn	✓	✓	✓	✓
AWS App Mesh	appmesh	✓
AWS Artifact*	artifact	✓	✓	✓	✓
AWS Audit Manager	auditmanager	✓
AWS Backup	backup	✓	✓	✓	✓
AWS Batch	batch	✓	✓	✓	✓
AWS Billing Conductor*	billingconductor	✓	✓	✓	✓
AWS Budgets*	budgets	✓	✓	✓	✓
AWS Certificate Manager (ACM)	acm	✓	✓	✓	✓
AWS Clean Rooms	cleanrooms	3PAO Assessment
AWS Cloud9	cloud9	✓
AWS Cloud Map	servicediscovery	✓	✓	✓	✓
AWS CloudFormation	cloudformation	✓	✓	✓	✓	✓
AWS CloudHSM	cloudhsm	✓	✓	✓	✓
AWS CloudShell		✓	✓	✓	✓
AWS CloudTrail	cloudtrail	✓	✓	✓	✓	✓
AWS CodeBuild	codebuild	✓	✓	✓	✓
AWS CodeCommit	codecommit	✓	✓	✓	✓
AWS CodeDeploy	codedeploy	✓	✓	✓	✓	✓
AWS CodePipeline	codepipeline	✓	✓	✓	✓
AWS Compute Optimizer	compute-optimizer		✓	✓	✓
AWS Config	config	✓	✓	✓	✓	✓
AWS Control Tower	controltower	✓	✓	✓	✓
AWS Cost and Usage Reports*		✓	✓	✓	✓
AWS Cost Explorer*	ce	✓	✓	✓	✓
AWS Database Migration Service (DMS)	dms	✓	✓	✓	✓	✓
AWS DataSync	datasync	✓	✓	✓	✓
AWS Diode				✓	✓	✓
AWS Direct Connect	directconnect	✓	✓	✓	✓	✓
AWS Directory Service	ds	✓	✓	✓	✓	✓
AWS Edge Hub*		✓	✓	✓	✓
AWS Elastic Beanstalk	elasticbeanstalk	✓	✓	✓	✓
AWS Elastic Disaster Recovery (AWS DRS)	drs	✓	✓	✓	✓
AWS Elemental MediaConvert	mediaconvert	✓	✓	✓	✓
AWS Elemental MediaLive						✓
AWS Elemental Media Package						✓
AWS Entity Resolution	entityresolution	✓
AWS Fault Injection Service	fis	✓	✓	✓	✓
AWS Firewall Manager	fms	✓	✓	✓	✓
AWS Global Accelerator	globalaccelerator	3PAO Assessment
AWS Glue	glue	✓	✓	✓	✓
AWS Glue DataBrew	databrew	✓	✓	✓	✓
AWS Ground Station	groundstation	✓
AWS Health Dashboard	health	✓	✓	✓	✓	✓
AWS HealthImaging	medical-imaging	3PAO Assessment
AWS HealthLake	healthlake	✓
AWS HealthOmics	omics	✓
AWS Identity and Access Management (IAM)	iam, sts	✓	✓	✓	✓	✓
AWS IAM Identity Center	sso		✓	✓	✓
AWS IoT Core	iot	✓	✓	✓	✓
AWS IoT Device Defender		✓	✓	✓	✓
AWS IoT Device Management	iot	✓	✓	✓	✓
AWS IoT Events	iotevents	✓	✓	✓	✓
AWS IoT Greengrass	greengrass	✓	✓	✓	✓
AWS IoT SiteWise	iotsitewise		✓	✓	✓
AWS IoT TwinMaker	iottwinmaker		✓	✓	✓
AWS Key Management Service (KMS)	kms	✓	✓	✓	✓	✓
AWS Lambda	lambda	✓	✓	✓	✓	✓
AWS License Manager	license-manager	✓	✓	✓	✓	✓
AWS Mainframe Modernization	m2	✓
AWS Managed Services (AMS)		✓	✓	✓	✓
AWS Management Console*		✓	✓	✓	✓
AWS Marketplace*		✓	✓	✓	✓	✓
AWS Network Firewall	network-firewall	✓	✓	✓	✓
AWS Network Manager	networkmanager	✓	✓	✓	✓
AWS Outposts (Software)**	outposts	✓	✓	✓	✓	✓
AWS Organizations	organizations	✓	✓	✓	✓	✓
AWS Private Certificate Authority	acm-pca	✓	✓	✓	✓
AWS Resource Access Manager (AWS RAM)	ram	✓	✓	✓	✓	✓
AWS Resilience Hub	resiliencehub		✓	✓	✓
AWS Resource Groups	resource-groups	✓	✓	✓	✓
AWS Secrets Manager	secretsmanager	✓	✓	✓	✓	✓
AWS Security Hub	securityhub	✓	✓	✓	✓
AWS Serverless Application Repository	serverlessrepo	✓	✓	✓	✓
AWS Service Catalog	servicecatalog	✓	✓	✓	✓
AWS Service Quotas*	service-quotas	✓	✓	✓	✓
AWS Shield (Standard and Advanced)	shield	✓
AWS Signer	signer	✓
AWS Snowball	snowball	✓	✓	✓	✓	✓
AWS Snowball Edge	snowball	✓	✓	✓	✓	✓
AWS Step Functions	stepfunctions	✓	✓	✓	✓	✓
AWS Storage Gateway	storagegateway	✓	✓	✓	✓	✓
AWS Systems Manager	ssm	✓	✓	✓	✓	✓
AWS Transfer Family	transfer	✓	✓	✓	✓
AWS Trusted Advisor	trustedadvisor	✓	✓	✓	✓	✓
AWS Verified Access (AVA)		✓	✓	DISA Review	DISA Review
AWS Web Application Firewall (WAF)	wafv2	✓	✓	✓	✓
AWS Web Application Firewall Classic (WAF Classic)	waf-regional	✓	✓	✓	✓
AWS Well-Architected Tool	wellarchitected	✓	✓	✓	✓
AWS Wickr	wickr	✓	✓	✓	✓
AWS X-Ray	xray	✓	✓	✓	✓

^{*Services not within the scope of JAB review. As such, the JAB team has issued neither an approval nor disapproval decision regarding this product under FedRAMP. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent agency approval.}

AWS Services in Scope by Compliance Program

Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)

Want More Information About Services in Scope?

Ending Support for Internet Explorer