AWS says OpenAI, NVIDIA Bedrock models gained FedRAMP High, IL-4/5 approval

OpenAI GPT OSS and NVIDIA Nemotron were already in the Bedrock GovCloud catalog after AWS added GPT OSS 120B and 20B and Nemotron Nano 9B v2, Nano 12B v2, Nano 30B and Super 120B in April (https://aws.amazon.com/about-aws/whats-new/2026/04/openai-gpt-oss-nvidia-nemotron-govcloud/). The June 25 change is the approval status: AWS says OpenAI GPT, OpenAI GPT OSS and NVIDIA Nemotron are now FedRAMP High and Department of Defense Cloud Computing Security Requirements Guide Impact Level 4 and 5 approved inside AWS GovCloud (US), for customers whose workloads require those bars.

For procurement and security teams, the concrete change is in model selection and authorization evidence. A GovCloud Bedrock design can now point to those model families in AWS’s Bedrock authorization status instead of routing every approved use case to another model family (https://aws.amazon.com/compliance/services-in-scope/FedRAMP/amazon-bedrock-models/). The operational detail AWS highlights is Mantle: serverless inference, zero operator access, automated capacity management and compatibility with OpenAI API specifications.

This is still a vendor notice, not a free compliance pass. FedRAMP High and DoD CC SRG IL-4/5 approval for model access gives agencies a cleaner path to evaluate generative AI in GovCloud. It leaves the customer-side work intact: selecting the authorized region and model, documenting the surrounding Bedrock configuration, and checking GovCloud data-handling limits. AWS’s GovCloud documentation separately says some customer-defined metadata may leave GovCloud only when the customer asks AWS to investigate an issue, and Bedrock model evaluation metadata may not contain export-controlled data (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-bedrock.html).