Amazon Web Services recently announced the Authority to Operate (ATO) on AWS program. ATO provides resources to software developers, such as CloudCheckr, to encourage their compliance efforts. Even before this announcement, CloudCheckr has invested heavily in internal security and certifications of dozens of personnel. In fact, nearly half of CloudCheckr staff is certified on AWS solutions with more on the way. Additionally, CloudCheckr is actively pursuing FedRAMP certification.


Authority to Operate (ATO) on AWS Granted in Recognition of CloudCheckr Security and Compliance Solutions

CloudCheckr already empowers organizations looking to achieve compliance with numerous standards, thanks to hundreds of Best Practice Checks (BPCs) that scan for misconfigurations and vulnerabilities. Many of those checks support Self-Healing Automation, allowing administrators to fix issues with the click of a Fix Now button, or a Request Fix button which initiates an approval workflow. Admins can even select Always Fix, which empowers CloudCheckr to fix the issue immediately upon detection.

Recently, CloudCheckr launched Total Compliance, a new module that builds on these Security Best Practice Checks. The controls of 35 distinct regulatory standards are mapped to CloudCheckr’s BPCs and displayed as a score. Compliance scores are plotted over time, so enterprises can track their progress. CloudCheckr’s recently announced SnapBack service is supported, so auditors can go back in time, as far as seven years, to evaluate a point-in-time compliance score.

The announcement from Amazon notes that “ATO on AWS is a partner-driven process that includes training, tools, pre-built CloudFormation templates, control implementation details, and pre-built artifacts. Additionally, customers are able to access direct engagement and guidance from AWS compliance specialists and support from expert AWS consulting and technology partners who are a part of our Security Automation and Orchestration (SAO) initiative, including GitHub, Yubico, RedHat, Splunk, Allgress, Puppet, Trend Micro, Telos, CloudCheckr, Saint, Center for Internet Security (CIS), OKTA, Barracuda, Anitian, Kratos, and Coalfire.”


“Security is top-of-mind for many organization as they move to the cloud, and rightly-so. The only way to consistently achieve compliance, at scale, is through automation,” said Aaron Newman, CEO/Founder at CloudCheckr. “Our security, compliance and automation tools provide organizations with the most advanced, robust and secure cloud management capabilities on the market.”


Even with the specific security and compliance benefits inherent with AWS, organizations must be aware of the Shared Responsibility Model. Within its Shared Responsibility Model, AWS provides a secure IT infrastructure or environment, similar to a secure house with a strong door and lock. However, it is still the homeowner’s responsibility to lock the door to ensure security. Similarly, organizations must play their part in securing their cloud. CloudCheckr provides the tools to automate security to meet government regulations while enhancing availability and optimizing costs.