DISA releases draft of new cloud security requirements
- By Sean Lyngaas
- Dec 12, 2014
The Defense Information Systems Agency has released a draft of a security requirements guide for cloud computing across the Defense Department. When finalized, the SRG would supersede and rescind current guidance under the Cloud Security Model.
When that guidance is published, cloud providers being assessed against the CSM requirements must comply with the new SRG "in coordination" with their next annual FedRAMP reauthorization, the draft states.
DISA, the agency in charge of the IT infrastructure underpinning DOD missions, has been updating its security guidelines to clarify for commercial cloud providers what it will take to operate sensitive and classified DOD information.
Comments from industry and others interested in the draft SRG are due Dec. 29.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.