The ATOs are processed in accordance with NIST 800-37 and 800-53 (rev 3) and can be accepted by any federal agency for cloud storage, virtual machines, and web hosting at the Federal Information Security Management Act (FISMA) Moderate Impact Level or lower.

FORBES: Homeland Security Moves To Cloud through GSA IaaS BPA