The Inner Circle


DISA / Department of Defense Cloud Computing Security Requirements Version 1 R4

  • 1.  DISA / Department of Defense Cloud Computing Security Requirements Version 1 R4

    Posted Jan 20, 2022 11:45:00 AM
    Hi All,

    DOD recently published Department of Defense Cloud Computing Security Requirements Version 1 R 4 20220114.

    The Cloud Computing (CC) Security Requirements Guide (SRG) outlines the security model by which DoD will leverage cloud computing, along with the security controls and requirements necessary for using cloud-based solutions. The CC SRG applies to DoD-provided cloud services and those provided by a contractor on behalf of the department, i.e., a commercial cloud service provider or integrator. Cloud computing technology and services provide the DoD with the opportunity to deploy an enterprise cloud environment aligned with federal government-wide information technology (IT) strategies and efficiency initiatives. Cloud computing enables the department to consolidate infrastructure, leverage commodity IT functions, and eliminate functional redundancies while improving the continuity of operations. The overall success of these initiatives depends on well-executed security requirements, defined and understood by both DoD components and industry. Consistent implementation and operation of these requirements ensure mission execution, provide sensitive data protection, increase mission effectiveness, and ultimately result in the outcomes and operational efficiencies the DoD seeks.

    The December 15, 2014, DoD chief information officer memo Updated Guidance on the Acquisition and Use of Commercial Cloud Computing Services defines DoD component responsibilities when acquiring commercial cloud services. The memo allows components to responsibly acquire cloud services minimally in accordance with the security requirements outlined in Federal Risk and Authorization Management Program (FedRAMP) and this CC SRG.


    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------


  • 2.  RE: DISA / Department of Defense Cloud Computing Security Requirements Version 1 R4

    Posted Feb 10, 2022 03:17:00 PM

    Thanks for bringing this to our attention, Michael. Though I don't feel the need to get involved in NIST efforts within the key management arena, the DISA SRG is a government document that I've submitted feedback for, and it was on the subject of encryption and key management. The CKM Working Group had a long discussion about this topic during our most recent meeting and I would like to see the Working Group craft an advisory message to DISA regarding the document. 

    Based upon the discussion I would like to get a wider set of viewpoints to chime in, and I think I'll need to draft the advisory message for everyone to see and speak up about.

    I always appreciate the "news of the world of key management" you send to the Working Group and the Circle community.

    Thanks!

    Paul



    ------------------------------
    Paul Rich CIPP/US CIPP/G
    Executive Director
    WA
    ------------------------------