Department of Defense (Dod) And Cloud Computing
Through cloud computing services and technology, the Dod is able to set up an enterprise cloud that is in line with department-wide federal-level IT efficiency programs and plans. Cloud computing facilitates consolidation of infrastructure, leveraging of commodity information technology services, and elimination of operational redundancies, whilst simultaneously boosting operational continuity. These programs' success, on the whole, is reliant on well-implemented security requirements that are delineated and comprehended by Dod Components as well as industry. Consistent application and functioning of the abovementioned requirements guarantees mission execution, offers protection to sensitive information, enhances success of the mission, and eventually leads to the operational efficiencies and results sought by the Dod (DISA, 2016 ).
A memo by the defense department's Chief Information Officer, dated December 15, 2014, with regard to up-to-date guidance in the area of acquiring and using commercial services in cloud computing defines the responsibilities of the Dod Component when availing themselves of enterprise cloud services. This memo enables responsible minimal acquisition of cloud services by components, according to security requirements delineated in the Fedramp (Federal Risk and Authorization Management Program) and the CC SRG (Cloud Computing Security Requirements Guide). Earlier, the DISA (Defense Information Systems Agency) presented concepts to operate in the business cloud in its Cloud Security Model (CSM), whose first version described the general framework and offered early guidance on the area of public data. A subsequent version (v. 2.1) also incorporated the subject of Controlled Unclassified Information. CC SRG covers cloud security conditions in a similar format to the remaining DISA-issued SRGs. This particular SRG covers, displaces, and repeals the CSM that was issued earlier (DISA, 2016 ).
Based on using the NIST definitions, is it a private, public, hybrid cloud?
DoD's cloud is private, with services offered for the department exclusively. It supports a number of department- sponsored or department tenants within a single cloud. The Dod has the final authority over cloud service usage, and all non-Dod service utilization has to be Dod -sanctioned and -sponsored. Resources that offer cloud services have to be reserved for the department's use. They should be physically separated from those that are not reserved for the Dod. The defense department's business service programs that are classified as Saas cloud services (e.g., DCO (Defense Connect Online), DEE (Defense Enterprise Email), DEPS (Dod Enterprise Portal Service)), have to comply with Dodi 8510.01 prerequisites as well. These programs do not have to be assessed by means of Fedramp, nor do they share department ATOs (authorization to operate) with Fedramp's secure store (DISA, 2016 ).
How does the Department of Defense map to the essential characteristics of cloud defined in the attached NIST?
You’re 63% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.