From: Armed With Science | The Official U.S. Defense Department Science Blog
Defense Department Chief Information Officer Terry Halvorsen is leading a charge to modernize the department’s information technology-cyber enterprise using every available tool, especially those in commercial markets, a defense official in the CIO’s office said.
David A. Cotton, acting deputy CIO for information enterprise, recently spoke to an audience at the FedScoop 2015 Mobile Gov Summit about how DoD is leveraging the power of commercial IT to give its workforce access to information at the point of need.
***
The Commercial Cloud
In December, Halvorsen published a memo giving updated guidance on commercial cloud acquisition, Cotton added, and his office worked with DISA and the community to develop a related security requirements guide.
“DISA … is now the keeper of the security requirements,” he said, “so they drafted the requirements for using cloud [services] and distilled them down to four levels of security — from public-facing information on a website to Secret.”
DISA published the requirements on the Internet and sought comments, using them to continually refine the requirements.
Cotton said the security aspects are based on the Federal Risk and Authorization Management Program, or FedRAMP, a government-wide program that offers a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
Leave a Reply