Events, news, technologies and products about cyber security
Thursday, March 27, 2014
[defensesystems] Amazon cloud gets DOD authorization
The Defense Department, which has been pushing to take advantage of cloud computing, has granted Amazon Web Services provisional authorization to deliver its cloud services to DOD components, Amazon announced.
The authorization applies to all four of AWS’s U.S. regions, including its GovCloud region, and covers Impact Levels 1 and 2 of the Defense Information Systems Agency’s five-part scale of risk factors. Levels 1 and 2 cover the low-risk unclassified public and private information.
Although AWS is used by the Navy, Air Force and other military components, the provisional authority greases the wheels for wider use within DOD. The federal government has been moving toward greater use of cloud services, though the military has been more cautious than civilian agencies, primarily because of security concerns.
The Federal Risk and Authorization Management Program sets a baseline for the security of cloud services, and 15 services so far have been granted provisional or agency authority to operate under the program. DOD’s Cloud Security Model (CSM) is built on FedRAMP but with additional security controls specific to DOD. In November, Autonomic Resources became the first cloud provider to receive DOD provisional authority, for its infrastructure as a service offering.
The idea behind FedRAMP and CSM is to save time and money on evaluating cloud products by having a central authority test them for compliance, rather than have individual agencies run their own tests.