Chantilly, VA — June 16, 2025 — Coalfire Federal, a leading Certified Third-Party Assessment Organization (C3PAO), today announced that Amazon Web Services (AWS) has achieved Cybersecurity Maturity Model Certification (CMMC) Level 2 for its Controlled Working Environment (CWE), following a successful assessment conducted by Coalfire Federal.
This milestone marks one of the most significant validations of cloud infrastructure readiness in the defense ecosystem. AWS’s CWE is now certified to securely handle Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) in alignment with CMMC 2.0 Level 2 and DFARS 252.204-7012 requirements.
“AWS’s achievement is a landmark for the DIB,” said Amy Williams, VP of CMMC at Coalfire Federal. “As the C3PAO that conducted the assessment, we saw firsthand the level of preparation, security maturity, and cross-functional commitment it takes to succeed. This sets the tone for cloud service providers across the federal contracting space.”
Coalfire Federal has been at the forefront of CMMC readiness and certification since the program’s inception. With a proven track record in both advisory services and impartial assessments, Coalfire Federal continues to support the Defense Industrial Base in navigating compliance requirements with rigor and transparency.
"Working with Coalfire Federal for our CMMC Level 2 assessment was a thorough and professional experience from start to finish. Their assessment team demonstrated deep expertise in both the technical requirements and the practical implementation of CMMC controls,” said Travis Goldbach, Global Head of CMMC at AWS. “The clear communication and structured approach they brought to the assessment process helped ensure we could demonstrate our security posture effectively. For organizations seeking CMMC assessment, Coalfire Federal proves to be a partner that balances assessment rigor with practical business understanding."
As one of the largest cloud providers in the world, AWS plays a critical role in enabling secure digital transformation across the Defense Industrial Base. Their certification demonstrates not only organizational maturity but also sets a precedent for other providers seeking to serve federal missions.
“Certification is not just a checkbox—it’s a strategic imperative,” added William Malone, President of Coalfire Federal. “Organizations like AWS are proving that it’s possible to meet the bar without compromising innovation or scalability.”
Coalfire Federal is a trusted provider of cybersecurity assessments and advisory services focused exclusively on the federal sector. As a C3PAO and FedRAMP 3PAO, Coalfire Federal partners with contractors, cloud service providers, and integrators to help them meet and maintain regulatory cybersecurity requirements, including CMMC, FedRAMP, and NIST frameworks.