Cloud

Halvorsen formalizes new DOD cloud procurement policy

Terry Halvorsen

Acting Defense Department CIO Terry Halvorsen's memo reverses the cloud policy put in place by his predecessor, Teri Takai.

Acting Defense Department CIO Terry Halvorsen has issued a memo outlining the Pentagon’s new cloud procurement policy, formally allowing the military services and other DOD agencies to procure commercial cloud services rather than leaving that authority to the Defense Information Systems Agency.

The Dec. 15 memo codifies a long-expected policy change and marks a significant break from the approach taken by Halvorsen’s predecessor, Teri Takai.

The new policy is meant to hasten DOD’s move to the commercial cloud while also retaining control of important security requirements for sensitive information. "I think some just criticism of the department has been we have not moved out into the cloud fast enough," Halvorsen said in September.

Halvorsen's Dec. 15 memo cancels a June 2012 memo issued by Takai that designated DISA as DOD's enterprise cloud broker. It also requires each DOD agency to assess its use of cloud services through a business case analysis template that must be approved by the agency CIO. The template gives DOD agencies a common means of justifying their procurements based on cost, security and interoperability.

The new policy requires commercial cloud services working with sensitive unclassified DOD data to go through a "cloud access point" approved by the DOD CIO. A CAP is like a firewall meant to insulate other parts of DOD from a security issue affecting a particular cloud service provider. The memo points to the current Navy CAP as one that has been approved.

The new memo also elaborates briefly on a draft of a security requirements guide that DISA recently issued. The draft security guide, which goes a step beyond Federal Risk Authorization and Management Program requirements in covering more sensitive data for commercial and DOD cloud providers, is meant to be an "evolving" and "collaborative document between the government and private sector that recognizes the rapid technology and business changes in the cloud services environment," the memo states.

In January, Deputy CIO for Cybersecurity Richard Hale will host a meeting to get feedback on the draft from "our government, private and public partners in the cloud environment," it adds.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.