Cloud

DOD updates cloud requirements guide

cloud security

Defense Department IT officials have released an update to a cloud security requirements guide that governs commercial cloud offerings for DOD missions up to the secret level.

The SRG helps determine whether defense officials grant commercial cloud firms a provisional authorization to host DOD data. This is the second iteration of the SRG, and it is based on feedback from the first version, released in January 2015.

The Defense Information Systems Agency and the DOD CIO's office -- the two organizations that issue the SRG -- are still interested in feedback on the document.

"This ongoing public comment period will allow our mission partners to offer changes as they become necessary," said Robert Vietmeyer, associate director for cloud computing and agile development in the DOD CIO's office. "This is in direct support of the DOD CIO's vision of 'agile policy development.'"

DISA also published a history of revisions made to the SRG to track changes to the guidelines. For example, officials removed a section on classified data beyond the Level 6 secret level from the first version of the SRG to "alleviate confusion and any potential inaccuracy."

The SRG is part of an ongoing effort by Pentagon IT leaders to better define what cloud computing means for defense missions. That definition can affect how cloud services are implemented. A DOD inspector general audit conducted from December 2014 to October 2015 found that the lack of a standard definition for cloud computing across the department was undercutting the CIO's effort to deploy cloud services.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.