DOD Memo Clarifies Confusion Over Responsibility of Cloud Providers

The Department of Defense has issued a new memo addressing who will be responsible for ensuring the security of cloud services at FedRAMP moderate level.

Ray Iyer, global head of the public sector at ServiceNow and a past Potomac Officers Club event speaker, said the new DOD memo ensures that the contractor is responsible for ensuring that the cloud service provider has a plan when an incident occurs.

The memo addresses a clause within the Defense Federal Acquisition Regulation Supplement on applying FedRAMP moderate to cloud services. It states that the contractor will be held responsible for reporting a compromise as it oversees the approval of the cloud service provider, Federal News Network reported.

While there are no reasons behind the memo, Grant Schneider, senior adviser to the Alliance for Digital Innovation, said that the DOD needs to explain whether there is an existing risk that prompted the memo’s release.

In February 2023, emails containing sensitive military data hosted on the Microsoft Azure service were exposed to the public for two weeks, allowing anyone to view them even without authorization. Defense Chief Information Officer John Sherman said that the agency aims to address the issue by issuing new cloud security measures.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Speaker News

Join Us Now