DISA Ensures Cloud Technologies, Provider Security With New Guidance

The Defense Information Systems Agency has released guidance on ensuring cloud computing security, helping Department of Defense mission owners or program managers implement security concepts in their cloud environments.

The guidance is divided into two parts, one for mission owners and the other for cloud service providers. Under the “Cloud Service Provider Security Requirements Guide,” the Pentagon defines the requirements for using commercial cloud services within the DOD and creates a basis for assessing the security posture of a DOD or non-DOD cloud provider, among other things, the DOD said.

In the mission owner version of the guidance, the DOD mandates program managers to carefully select CSP offerings that meet the requirements set by the Defense Department.

The Pentagon has been turning to cloud technologies to modernize its network in the last few months. In January, it issued a memo clarifying the responsibility of security cloud services at the FedRAMP moderate level, highlighting a clause within the efense Federal Acquisition Regulation Supplement stating that the contractor has full responsibility for reporting technology compromises.