Amazon Web Services, Microsoft Azure, and CSRA/Autonomics are the first three public cloud providers to pass stiffer federal security requirements for handling security-sensitive government applications and data.
All three companies, along with several others, already met older, less restrictive requirements under the Federal Risk and Authorization Management Program. More commonly known as FedRAMP, this effort aims to provide a standard way to assess, authorize, and manage the security of various cloud products used by government agencies and contractors.
Public cloud providers, which amass large quantities of computer servers, storage, and networking for use by customers, can point to the tougher federal certification as a sort of clean bill of health to potential government agencies and their contractors.
Get Data Sheet, Fortune’s daily newsletter on the business of technology.
To get this new designation, these three companies had to prove to the feds that their services were secure enough to safely meet new federal requirements intended to protect: “high-impact data, including data that involves protection of life and financial ruin.” That could include such data as Defense Department health records, Internal Revenue Service tax records, and any government-held information that, if stolen or accessed, could hurt the organization overall, its assets, or its employees and their dependents.
The new federal certification efforts grew out of the General Services Administration as part of President Barack Obama’s six-year-old “cloud first” initiative, which seeks to save government money by deploying more data and applications on third-party-operated cloud infrastructure instead of building more government data centers.