Pulse

By GCN Staff

Blog archive

DISA approves AWS for more sensitive workloads

The Defense Information Systems Agency (DISA) has authorized Amazon Web Services as the first commercial cloud approved under DOD’s Cloud Security Model (CSM) at “security impact levels” 3-5 for highly sensitive workloads.

The approval giving AWS DoD Provisional Authorization at tougher security levels will enable the firm’s DOD customers to meet a range of new requirements for protecting data, the firm said, including AWS Direct Connect routing to DoD's network and Common Access Card (CAC) integration.

DoD’ s CSM provides an assessment and authorization process for cloud service providers to gain a DoD Provisional Authorization, which can subsequently be used by DoD customers.

A Provisional Authorization under the CSM provides reusable certification, cutting the time necessary for DoD offices to assess and authorize one of their systems for operation on AWS.

In March, AWS announced its compliance with security impact levels 1-2 for all AWS regions in the U.S., “demonstrating adherence to hundreds of controls.”

AWS DoD customers with prospective Level 3-5 applications can now contact the DoD’s Enterprise Cloud Service Broker (ECSB) to begin the deployment process, according to AWS.

Steven Spano, USAF Brig. Gen (Ret.) and general manager of defense and national security for AWS Worldwide Public Sector, said AWS customers had already begun “driving efficiencies and reducing costs,” using DoD authorization for Impact Levels 1-2.

The firm was “excited to further extend our services to support an even broader set of sensitive workloads,” he added, describing the new Level 3-5 requirements as, “the most stringent reusable authorization the government has issued to date.”

DoD agencies can now use AWS GovCloud’s Provisional Authorization at security levels 3-5 to evaluate AWS for their unclassified applications and workloads, achieve their own authorizations to use AWS, and transition DoD workloads into the AWS environment.

Posted by GCN Staff on Aug 22, 2014 at 10:54 AM


Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.