Pentagon Office Calls for Independent Assessment Provision in Cloud Contracts

The Department of Defense’s Office of the Director, Operational Test and Evaluation wants cloud contracts to be renegotiated to include independent cyber assessments. The office also wants future contracts to include a provision that will allow the Pentagon to independently assess cloud infrastructure.

DOT&E said in its fiscal year 2021 report that it will continue to work with cloud service providers to determine risks to commercial cloud infrastructure and how they could affect the department. The report noted that the Pentagon is increasing its use of commercial cloud solutions to store sensitive and classified data.

The report noted that current cloud contracts do not allow the DOD to assess infrastructure security, FCW reported Thursday.

Another recommendation from the office is for the Pentagon to conduct tests on cyber tools before they get deployed. The department must assess effectiveness, usability and potential vulnerabilities to ensure that it will get the most out of what it buys.

Months before the result was released, DOT&E chief Nickolas Guertin told Congress that the Pentagon’s inability to assess commercial cloud infrastructure limited the ability of the systems to withstand cyberattacks. The Government Accountability Office also reported in March 2021 that DOD’s acquisition contracts for weapon systems often had lapses in cybersecurity.