Cloud Computing

DOD approves four cloud solutions for department-wide use

Cloud Security

Four cloud service solutions thus far have achieved provisional authorization under additional security controls required by the Defense Department: Autonomic Resources Cloud Platform (ARC-P), CGI Federal's IaaS solution and Amazon Web Services' Government Community Cloud and East/West US Public Cloud.

What that means is that each of the four solutions has been assessed against additional security controls on top of baseline standards they met under the Federal Risk and Authorization Management Program (FedRAMP), allowing them to compete DOD-wide for cloud computing contracts under the Defense Information Systems Agency's Enterprise Cloud Service Broker catalog.

However, these CSPs have been authorized only at DOD Impact Levels 1 and 2, which cover the department's unclassified public and unclassified private information. DISA assigns impact levels to data depending on its type and confidentiality, integrity and availability in categorizations of low-, moderate-, or high-risk under the Federal Information Process Standard Publication (FIPS) 199.

The bulk of DOD's expected cloud savings is expected to occur at Impact Levels 3-5, which signify higher-risk unclassified data, but CSPs have yet to be assessed against these standards.

In an e-mailed statement, DISA Chief Technology Officer David Mihelcic said he anticipates formal assessments at impact levels 3-5 to begin in the second quarter of 2014. Impact Level 6 is designated for classified information only, and draft standards for commercial CSPs to meet have not been formally released yet for that level.

Requirements and criteria for levels 3-5 were made available to industry in December 2013, Mihelcic said. Sources tell FCW one reason for the delay between standards release and potential assessments is that templates drafted by DISA for CSPs to create their Systems Security Plans (SSPs) were held up.

"The CSPs are left basically waiting for the form," the source said.

DOD's cautious path to the cloud is a point of contention among many commercial cloud providers that view such slow efforts as contrary to the Obama administration's Cloud First policy, but some positive signs have come from Pentagon CIO Teri Takai. She recently told the House Armed Services subcommittee that nine CSPs are in the pipeline to provide services to DOD.

About the Author

Frank Konkel is a former staff writer for FCW.


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.