Amazon cloud receives DOD security stamp of approval
- By Rutrell Yasin
- Mar 27, 2014
Amazon Web Services’ cloud computing services meet the Defense Department's stringent security and compliance requirements, according to DOD, paving the way for more defense agencies to run workloads on AWS’s cloud.
AWS received a DOD Provisional Authorization under the department’s Cloud Security Model for Impact Levels 1 and 2. Amazon’s four AWS infrastructure regions in the United States, including AWS GovCloud, received the approval.
Many defense agencies, including the Navy and U.S. Air Force, already use AWS services, but the provisional authorization will now reduce the time it takes for DOD agencies to evaluate and authorize use of the AWS Cloud, Amazon officials said.
Built on the foundation of the Federal Risk and Authorization Management Program (FedRAMP), the DOD cloud services model includes additional security controls specific to defense agencies. FedRAMP provides a standard approach to security assessment, authorization and monitoring for cloud products and services across the federal government.
AWS used its existing FedRAMP Agency Authority to Operate with the Health and Human Services Department to comply with DOD’s cloud security requirements. The Defense Information Systems Agency, the DOD’s cloud broker, assessed AWS’s compliance with an overlay of requirements specific to the DOD.
The assessment and authorizations have been registered in the DOD Enterprise Cloud Service Catalog, which allows DOD agencies to evaluate AWS’ security and gives them the opportunity to store, process, and maintain a diverse array of DOD data within the AWS cloud, company officials said.
Autonomic Resources was the first cloud service provider to receive the DOD security approval early last year for its Autonomic Resources Cloud Platform, which provides infrastructure as a service offerings. DOD built upon Autonomic Resources’ FedRAMP Joint Authorization accreditation.
DISA officials want to authorize more commercial cloud service providers using the cloud security model. DISA has launched a series of pilot programs between various DOD agencies and cloud service providers to boost the use of cloud computing services within DOD, FCW reported earlier this year.
Once an agency procures the pilot cloud service, the agency and DISA will meet regularly to assess the pilot and its effectiveness. Any DOD organization can sponsor a pilot effort coordinated with DISA, and there is “no fixed duration” for the pilot period, FCW reported.
The Cloud Broker Program Management Office, with support from the DISA Mission Assurance Executive team, has oversight responsibilities on the pilot.
Rutrell Yasin is is a freelance technology writer for GCN.