Defense

DISA took its time with its latest cloud security guide

The Defense Information Systems Agency has issued a long-awaited updated to its cloud security guide, further refining the process by which DISA plans to assess cloud service providers beyond the guidelines laid out in the Federal Risk and Authorization Management Program, or FedRAMP.

By Greg Otto

March 29, 2016

The Defense Information Systems Agency has issued a long-awaited update to its cloud security guide, further refining the process by which DISA plans to assess cloud service providers beyond the guidelines laid out in the Federal Risk and Authorization Management Program, or FedRAMP.

DISA has taken more than a year to provide refinements to the guide, which was initially released in January 2015. Among the changes are further revisions that differentiate the six impact levels to help evaluate how sensitive a given set of data is.

Additionally, the new version of the guide clarifies how cloud service providers are assessed beyond FedRAMP, including enhancements to FedRAMP Plus, while also making tweaks to privacy protocols.

“The new version fittingly represents the evolution we are going through to refine our processes and better position the department to enable secure options to migrate systems and data to the cloud,” said DISA CIO John Hickey.

The guide was also released with a published revision history, showing how the document has evolved over the past year. An Excel spread, referred to as a “comment matrix” has also been included to allow further feedback.

“This on-going public comment period will allow our mission partners to offer changes as they become necessary,” said Robert Vietmeyer, associate director for cloud computing and agile development in the enterprise capabilities directorate at the DOD CIO’s office. “This is in direct support of the DOD CIO’s vision of ‘agile policy development.’”

The memo, revision history and comment matrix can be found on DISA’s website.

Contact the reporter on this story via email at greg.otto@fedscoop.com, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.

DISA took its time with its latest cloud security guide

More Like This

MPEs gain momentum for sharing information with allied partners

State Department officials say they’re trying to set the tone globally on AI usage, as lawmakers question if it’s enough

With updated IT strategic plan, USAID tech is a driver of mission, not compliance, CIO says

Top Stories

State Department encouraging workers to use ChatGPT

Congressional panel outlines five guardrails for AI use in House

Federal CIO calls on Congress to fund Technology Modernization Fund

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

More Scoops

DISA director praises agency’s adoption of cloud and agile development

Final, cloud TIC 3.0 use case expected in months

DISA awards $11B Defense Enclave Services contract to Leidos

Oracle cloud authorized to host top secret data for DOD

2021 in review: Out with JEDI, in with JWCC

DISA is ending milCloud 2.0 in June

DISA’s new HaCC office reflects hybrid cloud reality for DOD

Latest Podcasts

DISA took its time with its latest cloud security guide

AI Week 2024 has Come and Gone

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

Tech

Defense

Cyber

Acquisition