Cloud Computing

DOD approves four cloud solutions for department-wide use

Cloud Security

Four cloud service solutions thus far have achieved provisional authorization under additional security controls required by the Defense Department: Autonomic Resources Cloud Platform (ARC-P), CGI Federal's IaaS solution and Amazon Web Services' Government Community Cloud and East/West US Public Cloud.

What that means is that each of the four solutions has been assessed against additional security controls on top of baseline standards they met under the Federal Risk and Authorization Management Program (FedRAMP), allowing them to compete DOD-wide for cloud computing contracts under the Defense Information Systems Agency's Enterprise Cloud Service Broker catalog.

However, these CSPs have been authorized only at DOD Impact Levels 1 and 2, which cover the department's unclassified public and unclassified private information. DISA assigns impact levels to data depending on its type and confidentiality, integrity and availability in categorizations of low-, moderate-, or high-risk under the Federal Information Process Standard Publication (FIPS) 199.

The bulk of DOD's expected cloud savings is expected to occur at Impact Levels 3-5, which signify higher-risk unclassified data, but CSPs have yet to be assessed against these standards.

In an e-mailed statement, DISA Chief Technology Officer David Mihelcic said he anticipates formal assessments at impact levels 3-5 to begin in the second quarter of 2014. Impact Level 6 is designated for classified information only, and draft standards for commercial CSPs to meet have not been formally released yet for that level.

Requirements and criteria for levels 3-5 were made available to industry in December 2013, Mihelcic said. Sources tell FCW one reason for the delay between standards release and potential assessments is that templates drafted by DISA for CSPs to create their Systems Security Plans (SSPs) were held up.

"The CSPs are left basically waiting for the form," the source said.

DOD's cautious path to the cloud is a point of contention among many commercial cloud providers that view such slow efforts as contrary to the Obama administration's Cloud First policy, but some positive signs have come from Pentagon CIO Teri Takai. She recently told the House Armed Services subcommittee that nine CSPs are in the pipeline to provide services to DOD.

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.