DISA streamlines cloud authorizations

Defense Department mission partners and service components can now host DOD Impact Level 2 (IL2) data on FedRAMP-compliant clouds without waiting for an explicit written authorization from DOD.

On Aug. 15, the Defense Information Systems Agency issued a provisional authorization for moderate-baseline workloads to run in clouds authorized by the Federal Risk and Authorization Management Program. The move will streamline cloud migration for mission partners and reduce the steps cloud service providers go through to offer FedRAMP moderate solutions for DOD customers.

“This authorization allows for data designated publically releasable or IL2, to be stored in the cloud on authorized FedRAMP offerings without waiting for DOD to issue a specific authorization document,” said Roger Greenwell, DISA’s risk management executive and authorizing official. “We worked with officials from the DOD, Chief Information Office (CIO), and mission partners on the drafting of the policy, and believe this approach provides significant benefit to both the DOD community as well as the cloud industry."

This reciprocity memo stipulates that FedRAMP moderate services be hosted on data centers located in the United States or its territories and listed in the FedRAMP marketplace, DISA said in its Aug. 16 announcement. CSPs must also have Joint Authorization Board or agency authorization for the cloud service and adhere to continuous monitoring practices. If those authorizations are suspended, so is the reciprocity agreement.  

This article first GCN, a partner site to Defense Systems.