DISA approves AWS for more sensitive workloads
The Defense Information Systems Agency (DISA) has authorized Amazon Web Services as the first commercial cloud approved under DOD’s Cloud Security Model (CSM) at “security impact levels” 3-5 for highly sensitive workloads.
The approval giving AWS DoD Provisional Authorization at tougher security levels will enable the firm’s DOD customers to meet a range of new requirements for protecting data, the firm said, including AWS Direct Connect routing to DoD's network and Common Access Card (CAC) integration.
DoD’ s CSM provides an assessment and authorization process for cloud service providers to gain a DoD Provisional Authorization, which can subsequently be used by DoD customers.
A Provisional Authorization under the CSM provides reusable certification, cutting the time necessary for DoD offices to assess and authorize one of their systems for operation on AWS.
In March, AWS announced its compliance with security impact levels 1-2 for all AWS regions in the U.S., “demonstrating adherence to hundreds of controls.”
AWS DoD customers with prospective Level 3-5 applications can now contact the DoD’s Enterprise Cloud Service Broker (ECSB) to begin the deployment process, according to AWS.
Steven Spano, USAF Brig. Gen (Ret.) and general manager of defense and national security for AWS Worldwide Public Sector, said AWS customers had already begun “driving efficiencies and reducing costs,” using DoD authorization for Impact Levels 1-2.
The firm was “excited to further extend our services to support an even broader set of sensitive workloads,” he added, describing the new Level 3-5 requirements as, “the most stringent reusable authorization the government has issued to date.”
DoD agencies can now use AWS GovCloud’s Provisional Authorization at security levels 3-5 to evaluate AWS for their unclassified applications and workloads, achieve their own authorizations to use AWS, and transition DoD workloads into the AWS environment.
Posted by GCN Staff on Aug 22, 2014 at 10:54 AM