
At AWS re:Invent 2022, AWS announced the Continuity of Government IT (CGIT) program. It received less coverage than the headline announcements but was operationally significant for federal, state, and local agencies whose continuity planning has historically been dominated by paper documents rather than tested operational reality.
This post is about what CGIT actually is, what it changes for agency continuity planning, and how the three engagement levels map to real institutional resilience needs.
What CGIT Is
CGIT is an AWS engagement model designed to help government agencies build IT resilience against the risks that disrupt government operations: natural disasters, cyberattacks, infrastructure failures, and the long tail of operational disruptions that paper continuity plans typically do not actually defend against.
The program structures continuity engagement in three tiers, each appropriate for a different level of operational criticality.
Tier 1: Cloud Backup
The baseline tier. Critical agency datasets are backed up to AWS, in one or more regions selected by the agency, with the operational practices required to satisfy compliance reviews: encryption, retention policies, restoration testing, and audit-ready documentation.
What this tier protects against: localized data loss (data center fire, ransomware encryption of on-premises systems, accidental deletion). The data is recoverable. The systems that depend on the data may take time to rebuild, but the data itself survives.
Where Tier 1 is the right level: for the majority of administrative agency workloads where data preservation is the primary continuity concern. Most agencies should have Tier 1 in place for everything that matters.
Tier 2: Pre-Planned Migration
The middle tier. Critical services have documented migration plans to AWS that can be executed under crisis conditions. The migration plans are tested periodically. When a disruption occurs, the agency executes a pre-planned cutover rather than improvising.
What this tier protects against: sustained outage of on-premises infrastructure. The agency's services come back online in AWS within a defined recovery time, rather than waiting for the on-premises infrastructure to be restored.
Where Tier 2 is the right level: for services that need to come back online within hours to a small number of days, where the agency can tolerate a brief disruption but not a prolonged one.
The operational discipline that makes Tier 2 work is the part agencies typically underinvest in: actually testing the migration plan periodically. A migration plan that has not been executed end-to-end in the past 12 months is not a continuity plan; it is hopeful documentation.
Tier 3: Active Cloud Standby
The highest tier. Critical services run actively in AWS, with the on-premises infrastructure as the primary or secondary depending on the agency's design. Failover between the two is automated. There is no migration to execute under crisis; the AWS environment is already running and ready to take over.
What this tier protects against: disruptions where the recovery requirement is measured in minutes rather than hours. Emergency services, public safety systems, and national security workloads often need this level.
Where Tier 3 is the right level: for services whose disruption directly affects citizen safety or national-security operations. The number of workloads at this tier should be small; the operational cost is meaningful.
Why This Matters Operationally
Three structural problems with traditional government continuity planning:
- Plans that have never been tested. Most agency continuity plans have been written, reviewed, and approved without ever being executed end-to-end. The first time the plan runs is during a real crisis, which is the worst possible test environment.
- Plans that depend on personnel who have moved on. A continuity plan written by an IT director three years ago may depend on tribal knowledge that has left the agency. The plan reads correctly; nobody currently on staff knows how to execute it.
- Plans that do not match current infrastructure. Agency infrastructure changes continuously. The continuity plan written against the 2019 infrastructure may not match what's running in 2023. Mismatched continuity plans fail in ways that surprise the team during execution.
CGIT's structural contribution is treating continuity as an operational engagement that gets exercised, not as a document that gets filed. The tiered structure forces explicit decisions about which services need which level of resilience, which forces explicit operational practices around each tier.
How CGIT Integrates With Existing Compliance Frameworks
For agencies under NIST 800-53, FedRAMP, or state-equivalent frameworks, CGIT does not replace existing compliance work. It maps onto specific control families:
- Contingency Planning (CP family) controls are operationalized through the CGIT tier the workload sits in.
- Configuration Management (CM family) controls cover the AWS-side infrastructure that supports the continuity tier.
- Incident Response (IR family) controls cover the response procedures that activate when a continuity event occurs.
The CGIT engagement produces audit-ready documentation that satisfies these control families. For agencies whose previous continuity documentation was thin on operational evidence, this is a meaningful improvement.
What This Looks Like in Practice
For managed Drupal hosting for government and similar long-running public-sector workloads, the continuity discipline that works in practice is:
- Tier 1 always. Production data backed up to AWS with restoration testing on a documented cadence.
- Tier 2 for citizen-facing services that the agency would have to restore quickly under disruption. Documented migration plans, periodic test executions.
- Tier 3 only for workloads that explicitly require it. Emergency services, public safety systems, election infrastructure during election cycles.
The agencies that operate continuity well are not the ones with the longest plans. They are the ones with the most tested ones. CGIT makes that distinction structural rather than aspirational.
Frequently Asked Questions
Is CGIT only for federal agencies?
No. CGIT is structured for any government agency. State and local agencies use it. International government adoption has grown since the launch.
What is the cost of a CGIT engagement?
The cost depends on the tier and scope. Tier 1 is typically the lowest cost (cloud backup of defined datasets). Tier 3 is the highest cost (active standby infrastructure running continuously). The operational cost of the engagement should be evaluated against the cost of the disruption it prevents.
Does CGIT replace traditional disaster recovery planning?
It complements traditional disaster recovery planning rather than replacing it. Traditional disaster recovery planning covers the full scope of agency operations. CGIT focuses on the IT-resilience component specifically and provides AWS-side infrastructure and operational practice for it.
How does CGIT interact with FedRAMP authorization?
CGIT engagements run on AWS GovCloud or commercial AWS depending on the workload's authorization requirements. The CGIT operational practices are designed to satisfy the contingency planning controls in NIST 800-53 that flow through FedRAMP authorization.