Abstract
The growing adoption of cloud platforms, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), has introduced new complexities in aligning enterprise workloads with federal compliance frameworks. This paper presents a comparative analysis and practical alignment model that integrates these major cloud service providers with the Federal Risk and Authorization Management Program (FedRAMP), Federal Information Processing Standards (FIPS) 199/200, the National Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF), and the directives established by Executive Order 14110 on the safe, secure, and trustworthy use of Artificial Intelligence. The study develops a multi-dimensional control mapping methodology tailored to ensure technical interoperability, compliance readiness, and risk transparency. Through structured evaluation of service categories, native controls, and governance mechanisms, the paper delivers a unified compliance architecture designed to support secure and auditable cloud deployments in federally regulated environments. Findings contribute actionable insights for IT leaders, cloud architects, and policymakers by offering a scalable and standards-based roadmap for AI-driven cloud governance.
Keywords: cloud compliance; fedramp; fips 199; fips 200; nist ai rmf; executive order 14110; aws; azure; gcp; artificial intelligence governance; cloud security; risk management
References
- Agarwal V., et al. “Compliance-as-Code for Cybersecurity Automation in Hybrid Cloud”. 2022 IEEE 15th International Conference on Cloud Computing (CLOUD) (2022): 427-437.
- Alkhatib A, Shaheen A and Albustanji RN. “A comparative analysis of cloud computing services: AWS, Azure, and GCP”. International Journal of Computing and Digital Systems 18.1 (2025): 1-15.
- Evans DJ, Bond PJ and Bement AL. “Standards for Security Categorization of Federal Information and Information Systems (FIPS 199)”. Federal Information Processing Standards (2004).
- Federal Risk and Authorization Management Program (FedRAMP). Rev 5 Baselines. Understanding Baselines and Impact Levels for FedRAMP® Authorizations (2023).
- Gutierrez CM and Jeffrey W. “Minimum Security Requirements for Federal Information and Information Systems”. Federal Information Processing Standards Publication (2006).
- Herrera-Poyatos A., et al. “Responsible Artificial Intelligence Systems: A Roadmap to Society’s Trust through Trustworthy AI, Auditability, Accountability, and Governance”. Computers and Society (Cs.CY); Artificial Intelligence (Cs.AI); Machine Learning (Cs.LG) (2025).
- Li B., et al. “Trustworthy AI: From Principles to Practices”. ACM Computing Surveys 55.9 (2023): 1-46.
- Marinos A and Briscoe G. “Community Cloud Computing”. Proceedings of the 1st International Conference on Cloud Computin (2009): 472-484.
- Metibemu OC., et al. “Developing Proactive Threat Mitigation Strategies for Cloud Misconfiguration Risks in Financial SaaS Applications”. Journal of Engineering Research and Reports 27.3 (2025): 393-413.
- Molnar V and Sabodashko D. “Comparative analysis of cybersecurity in leading cloud platforms based on the NIST framework”. Journal of Scientific Papers “Social Development and Security 14.6 (2024): 68-80.
- Ross WL and Copan W. “Security and Privacy Controls for Information Systems and organizations”. NIST Special Publication 800-53 Revision 5, (2020) 800(53).
- Tabassi E. “Artificial Intelligence Risk Management Framework (AI RMF 1.0)”. National Institute of Standards and Technology 1 (2023).
- Teece DJ, Pisano G and Shuen A. “Capabilities Building Through Dynamic Capabilities Approach”. Management System for Strategic Innovation (1998): 13-44.
- Von Bertalanffy L. “General System Theory: Foundations, Development, Applications”. Leonardo 10.3 (1968): 248.
- Yin RK. “Case Study Research and Applications: Design and Methods (6th ed.)”. Sage Publication, Inc (2018).