DISA says commercial cloud computing middleman function at IOC


The Defense Information Systems Agency announced April 16 it has achieved initial operational capacity as the commercial cloud computing middleman for the Defense Department--despite its acknowledgment that it has yet to fully approve for DoD use any FedRAMP-authorized commercial cloud service providers.

DISA's announcement comes slightly more than 2 weeks after Navy Department Chief Information Officer Terry Halvorsen said (.pdf) the department would go ahead with commercial cloud deployment on its own terms, rather than waiting for DISA. "Pending further guidance from the DoD CIO, the DON must move forward," Halvorsen wrote in a memo.

DISA in its announcement says that reaching IOC means that it has "the framework in place for executing this mission." It has, among other things, an enterprise cloud service catalog, a security model, and processes for things such as selecting evaluation criteria, the agency says.

It has yet to approve for DoD use two services that have gained provisional authorization under Federal Risk and Authorization Management Program--more commonly known as FedRAMP. FedRAMP examines commercial offering compliance with federal cybersecurity standards, although the authorization extended to successful companies isn't binding on agencies.

DISA approval of those two services "is imminent," DISA says.

For more:
- read DISA's announcement of cloud broker IOC
- download Halvorsen's April 1 memo on the DON approach to cloud computing (.pdf)

Related Articles:
DISA puts millionth user onto DoD enterprise email
DSB task force urges security mandates for DoD cloud computing
GSA to privatize 3PAO accreditation process in FedRAMP