Cloud Computing

DOD approves four cloud solutions for department-wide use

Cloud Security

Four cloud service solutions thus far have achieved provisional authorization under additional security controls required by the Defense Department: Autonomic Resources Cloud Platform (ARC-P), CGI Federal's IaaS solution and Amazon Web Services' Government Community Cloud and East/West US Public Cloud.

What that means is that each of the four solutions has been assessed against additional security controls on top of baseline standards they met under the Federal Risk and Authorization Management Program (FedRAMP), allowing them to compete DOD-wide for cloud computing contracts under the Defense Information Systems Agency's Enterprise Cloud Service Broker catalog.

However, these CSPs have been authorized only at DOD Impact Levels 1 and 2, which cover the department's unclassified public and unclassified private information. DISA assigns impact levels to data depending on its type and confidentiality, integrity and availability in categorizations of low-, moderate-, or high-risk under the Federal Information Process Standard Publication (FIPS) 199.

The bulk of DOD's expected cloud savings is expected to occur at Impact Levels 3-5, which signify higher-risk unclassified data, but CSPs have yet to be assessed against these standards.

In an e-mailed statement, DISA Chief Technology Officer David Mihelcic said he anticipates formal assessments at impact levels 3-5 to begin in the second quarter of 2014. Impact Level 6 is designated for classified information only, and draft standards for commercial CSPs to meet have not been formally released yet for that level.

Requirements and criteria for levels 3-5 were made available to industry in December 2013, Mihelcic said. Sources tell FCW one reason for the delay between standards release and potential assessments is that templates drafted by DISA for CSPs to create their Systems Security Plans (SSPs) were held up.

"The CSPs are left basically waiting for the form," the source said.

DOD's cautious path to the cloud is a point of contention among many commercial cloud providers that view such slow efforts as contrary to the Obama administration's Cloud First policy, but some positive signs have come from Pentagon CIO Teri Takai. She recently told the House Armed Services subcommittee that nine CSPs are in the pipeline to provide services to DOD.

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Veterans Affairs
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA health record go-live pushed back to July

    The Department of Veterans Affairs is delaying a planned initial deployment of its $16 billion electronic health record project by four months, but is promising added functionality at the go-live date.

  • Workforce
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    Esper says he didn't seek the authority to gut DOD unions

    Defense Secretary Mark Esper told lawmakers he was waiting for a staff analysis of a recent presidential memo before deciding whether to leverage new authority.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.