Cloud Computing

DOD approves four cloud solutions for department-wide use

Cloud Security

Four cloud service solutions thus far have achieved provisional authorization under additional security controls required by the Defense Department: Autonomic Resources Cloud Platform (ARC-P), CGI Federal's IaaS solution and Amazon Web Services' Government Community Cloud and East/West US Public Cloud.

What that means is that each of the four solutions has been assessed against additional security controls on top of baseline standards they met under the Federal Risk and Authorization Management Program (FedRAMP), allowing them to compete DOD-wide for cloud computing contracts under the Defense Information Systems Agency's Enterprise Cloud Service Broker catalog.

However, these CSPs have been authorized only at DOD Impact Levels 1 and 2, which cover the department's unclassified public and unclassified private information. DISA assigns impact levels to data depending on its type and confidentiality, integrity and availability in categorizations of low-, moderate-, or high-risk under the Federal Information Process Standard Publication (FIPS) 199.

The bulk of DOD's expected cloud savings is expected to occur at Impact Levels 3-5, which signify higher-risk unclassified data, but CSPs have yet to be assessed against these standards.

In an e-mailed statement, DISA Chief Technology Officer David Mihelcic said he anticipates formal assessments at impact levels 3-5 to begin in the second quarter of 2014. Impact Level 6 is designated for classified information only, and draft standards for commercial CSPs to meet have not been formally released yet for that level.

Requirements and criteria for levels 3-5 were made available to industry in December 2013, Mihelcic said. Sources tell FCW one reason for the delay between standards release and potential assessments is that templates drafted by DISA for CSPs to create their Systems Security Plans (SSPs) were held up.

"The CSPs are left basically waiting for the form," the source said.

DOD's cautious path to the cloud is a point of contention among many commercial cloud providers that view such slow efforts as contrary to the Obama administration's Cloud First policy, but some positive signs have come from Pentagon CIO Teri Takai. She recently told the House Armed Services subcommittee that nine CSPs are in the pipeline to provide services to DOD.

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.