Data transfer in the cloud

DISA streamlines cloud authorizations

Defense Department mission partners and service components can now host DOD Impact Level 2 (IL2) data on FedRAMP-compliant clouds without waiting for an explicit written authorization from DOD.

On Aug. 15, the Defense Information Systems Agency issued a provisional authorization for moderate-baseline workloads to run in clouds authorized by the Federal Risk and Authorization Management Program. The move will streamline cloud migration for mission partners and reduce the steps cloud service providers go through to offer FedRAMP moderate solutions for DOD customers.

“This authorization allows for data designated publically releasable or IL2, to be stored in the cloud on authorized FedRAMP offerings without waiting for DOD to issue a specific authorization document,” said Roger Greenwell, DISA’s risk management executive and authorizing official. “We worked with officials from the DOD, Chief Information Office (CIO), and mission partners on the drafting of the policy, and believe this approach provides significant benefit to both the DOD community as well as the cloud industry."

This reciprocity memo stipulates that FedRAMP moderate services be hosted on data centers located in the United States or its territories and listed in the FedRAMP marketplace, DISA said in its Aug. 16 announcement. CSPs must also have Joint Authorization Board or agency authorization for the cloud service and adhere to continuous monitoring practices. If those authorizations are suspended, so is the reciprocity agreement.  

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.