For more than two years, the Defense Department has had procedures in place that, at least on paper, allow its sensitive data be housed in commercial cloud computing facilities. But migrations to the cloud have been relatively few and far between for anything besides public, unclassified data.
Thats partially because for impact levels 4 and above, not only do providers have to earn authorizations that go above-and-beyond the governmentwide FedRAMP process, any data they process also has to make its way through a DoD-provided Cloud Access Point (CAP).
The department is taking a fresh look at that latter point, saying its current CAP policies may be creating an unnecessary roadblock to DoDs cloud ambitions. As of now, there are only two access points in existence one run by the Defense Information Systems Agency and one by the Navy.
Dr. John Zangardi, the departments acting chief information officer said hes asked his office to revisit the policy with an eye toward letting commercial cloud vendors provide a CAP-like capability on their own.
Sponsored Content - Download our Executive Briefing to learn how agency and industry experts are hoping to reduce insider threats.
Its my job to ensure the most effective IT support to the warfighter and to make best use of resources, so the question to my staff is, How can we do CAP better? he said last week at the Defense Cyber Operations Summit in Baltimore, Md. Specifically, can it be provided as a service? Its a significant question, but if it is resolved, it should open opportunities for services and components to move more quickly to commercial cloud providers.
DoDs current policy on access points is laid out in the security requirements guide (SRG) it published in April 2015 and last updated in March of this year. It requires all network traffic thats making its way between DoD systems and a commercial cloud provider to pass through government-operated monitoring systems firewalls and other intrusion prevention systems even when the cloud providers system is operating entirely within a DoD facility.
The overall objectivewill remain the same: giving some reasonable level of assurance that Defense networks cant be penetrated viatheir connections to cloud providers, since most commercial cloud facilities are connected to the public Internet in some fashion, Zangardi said. He said the latest SRG will be updated to reflect any changes in DoDs thinking when we get that far.
Cloud access points are among the issues likely to be raised later this week when DoD hosts an industry day to hash out the issues surrounding a final cybersecurity-focused contracting rule the department issued last October after nearly a year of public comment and revisions.
The final, updated version failed to address industrys concerns, and their representatives have been asking for a face-to-face meeting ever since.
The final version of the update to the Defense Federal Acquisition Regulation Supplement sweeps in what had been two separate interim rules. One portion requires contractors to report any data breaches involving Defense information within 72 hours and implement the National Institute of Standards and Technologys new guidelines for protecting controlled unclassified information by the end of 2017.
A second makes plain that vendors must comply with the controls in DoDs cloud SRG as a condition of their contracts, but goes a few steps further, including demanding that government personnel be allowed to physically enter cloud hosting facilities to conduct audits or inspections.
Thats because according to a 27-page FAQ the department issued earlier this year its interpretation of the Federal Information Security Management Act dictates that it treat any ITsystem thats operated on DoDs behalf as though it were a government operation.
Both before and after the issuance of the final rule, industry officials have expressed confusion over how the new rule fits in with a host of other provisions the government added to the Federal Acqusition Regulation at about the same time including one by the National Archives and Records Administration that set governmentwide definitions for what constitutes controlled unclassified information, and another new FAR provision that requires all federal contractors to come into compliance with at least some of NISTs guidelines for protecting CUI.
Our objective at this meeting is to clarify some foundational questions, Zangardi said. What are the clauses? What is Covered Defense Information? How is it identified and marked? How does the rule work in the cloud computing environment? It should be a substantive, productive discussion.
See original here:
DoD reexamining cloud policies to remove bottleneck for sensitive data - FederalNewsRadio.com
- Box for Android - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- eUKhost - eNlight Cloud Hosting! - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Cloud Computing -- Oracle is Ready to Take You There - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- What is Cloud Computing? - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Webinar - Cloud Computing: Why You Should Care - 2010-10-14 - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- What is Cloud Hosting? - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Cloud Computing Misconceptions and Benefits - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Cloud Hosting and How it is Set to Change Internet Commerce - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Awesome Cloud Computing Explained with Animation - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Rackspace Cloud Race - UK cloud hosting - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Improved Cloud Service Delivery And Hosting | IBM - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Cloud Computing Explained - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Software companies turn to Savvis for cloud hosting and other SaaS services - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Sky News Tech Report on Cloud Computing - Macquarie Telecom Interview - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- BitNami Cloud Hosting Demo - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Fully managed Cloud Computing solution using your current IT infrastructure (Closed Caption) - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Cloud Hosting Server Provisioning - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- iomart Hosting Provides Cloud Storage and Backup for new Branding Network [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- Harris plans to stop offering remote cloud hosting [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- iomart Hosting provides cloud storage and backup for new UK branding network [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- DynamicOps Debuts "Fastest Path to Cloud" Seminar and Webinar [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- Harris Corporation to Discontinue Cyber Hosting Operation; Will Continue Providing Advanced Cyber Security and Cloud ... [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- Tutorial! Amazon Cloud Minecraft Server Hosting! - Video [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- MachPanel 4.3 - SaaS and Cloud Hosting Control Panel for Windows - Video [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- Webair Carrier Neutral Cloud: Open Network Access in the Cloud [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- iomart Hosting Takes UK Digital Media Agency Into the Cloud [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- FireHost Grows Executive Team on Heels of European Expansion; Appoints Jim Ciampaglio as Sr. Vice President of Global ... [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- INetU Managed Hosting is SOC 2 and SOC 3 Compliant [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- Web Host Webair Adds Carrier Neutral Cloud Services [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- FireHost Appoints Jim Ciampaglio as Sr. Vice President of Global Sales and Marketing [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- BitRock CEO on BitNami Cloud Hosting - Video [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- Harris kills remote hosting service as customers shun cloud storage [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- Understand Cloud computing in 60secs - Video [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- Systech Integrators® Forms Strategic Relationship With Rackspace Hosting® to Offer Cloud Hosting Services for SAP® ... [Last Updated On: March 1st, 2012] [Originally Added On: March 1st, 2012]
- Dedicated & Cloud Hosting Provider Codero Names Industry Veteran Emil Sayegh, President & CEO [Last Updated On: March 1st, 2012] [Originally Added On: March 1st, 2012]
- Cloud Computing and Technology Mobility - Video [Last Updated On: March 1st, 2012] [Originally Added On: March 1st, 2012]
- Cloud Hosting Providers - Video [Last Updated On: March 3rd, 2012] [Originally Added On: March 3rd, 2012]
- Online Education Innovator Gives Virtual Internet Cloud Services an A+ [Last Updated On: March 3rd, 2012] [Originally Added On: March 3rd, 2012]
- SingleHop Introduces the Hosting Industry's First Customer Bill of Rights [Last Updated On: March 6th, 2012] [Originally Added On: March 6th, 2012]
- Cloud Services Provider Intermedia Launches Integrated Partner Program [Last Updated On: March 7th, 2012] [Originally Added On: March 7th, 2012]
- Cloud Services Provider Intermedia Now Offering Microsoft Office 365 [Last Updated On: March 7th, 2012] [Originally Added On: March 7th, 2012]
- Inside IT Cloud Computing Security - Video [Last Updated On: March 7th, 2012] [Originally Added On: March 7th, 2012]
- Lansing Cloud Host Introduces Faster ‘Storm SSD’ [Last Updated On: March 7th, 2012] [Originally Added On: March 7th, 2012]
- Leading Industry Analyst Firm positions Hosting.com as a Challenger in Managed Hosting Magic Quadrant [Last Updated On: March 8th, 2012] [Originally Added On: March 8th, 2012]
- Hosting.com Positioned as Challenger in Managed Hosting in Gartner's Magic Quadrant [Last Updated On: March 8th, 2012] [Originally Added On: March 8th, 2012]
- ServInt Announces the First Finalist for Its Inaugural Sextant Award, Recognizing the Most Effective Use of the ... [Last Updated On: March 8th, 2012] [Originally Added On: March 8th, 2012]
- Leading Analyst Firm Recognizes Savvis as a Leader in Two Cloud-Focused Magic Quadrants [Last Updated On: March 8th, 2012] [Originally Added On: March 8th, 2012]
- UK Cloud Computing Company iomart Hosting Recruits Scotland Footballers to Kick off New Campaign [Last Updated On: March 9th, 2012] [Originally Added On: March 9th, 2012]
- Rackspace Hosting Positioned as a Leader in the Leaders Quadrant of the Magic Quadrant for Managed Hosting Providers [Last Updated On: March 9th, 2012] [Originally Added On: March 9th, 2012]
- 4t Networks Offers Red Hat Enterprise Linux 6 for Cloud Hosting [Last Updated On: March 9th, 2012] [Originally Added On: March 9th, 2012]
- elchemyv2.wmv - Video [Last Updated On: March 9th, 2012] [Originally Added On: March 9th, 2012]
- Steve VanRoekel Keynote, NIST Cloud Computing Forum and Workshop IV - Video [Last Updated On: March 11th, 2012] [Originally Added On: March 11th, 2012]
- Hosting.com Enhances Backup Capabilities to Deliver Leading-Edge Data Recovery Solution for Businesses Any Size ... [Last Updated On: March 12th, 2012] [Originally Added On: March 12th, 2012]
- Online Tech Hosts Webinar on Cloud Computing in EHR/RCM Systems [Last Updated On: March 12th, 2012] [Originally Added On: March 12th, 2012]
- Hosting.com Enhances Backup & Data Recovery [Last Updated On: March 12th, 2012] [Originally Added On: March 12th, 2012]
- ServInt Introduces Its New Flex Line of High-Performance, Fully Managed Dedicated Servers [Last Updated On: March 14th, 2012] [Originally Added On: March 14th, 2012]
- Telefonica targets LatAm with business cloud [Last Updated On: March 14th, 2012] [Originally Added On: March 14th, 2012]
- TCWH Announces New InMotion Hosting Review 2012 [Last Updated On: March 14th, 2012] [Originally Added On: March 14th, 2012]
- Lokahi Expands Cloud Offering to Include Managed Security Services Through Partnership With StillSecure [Last Updated On: March 15th, 2012] [Originally Added On: March 15th, 2012]
- Eco Cloud Hosting IPv6 Ready with Web Application Firewall and Load Balancer - Video [Last Updated On: March 15th, 2012] [Originally Added On: March 15th, 2012]
- Private SharePoint Cloud Beats Other Cloud Hosting Options for Enterprises on Price, Practicality [Last Updated On: March 17th, 2012] [Originally Added On: March 17th, 2012]
- Private SharePoint Cloud Beats Other Cloud Hosting Options for Enterprises, Says AISN [Last Updated On: March 17th, 2012] [Originally Added On: March 17th, 2012]
- CaymanSecurity.com Introduces Secure Cloud Hosting Services [Last Updated On: March 19th, 2012] [Originally Added On: March 19th, 2012]
- Storm On Demand Introduces Windows Cloud Hosting [Last Updated On: March 20th, 2012] [Originally Added On: March 20th, 2012]
- Citrix Streamlines Delivery of Cloud-Hosted Apps and Desktops [Last Updated On: March 20th, 2012] [Originally Added On: March 20th, 2012]
- Cloud Computing Explained.mp4 - Video [Last Updated On: March 20th, 2012] [Originally Added On: March 20th, 2012]
- AMD Opteron 3200 Chips Target Cloud, Web Hosting [Last Updated On: March 20th, 2012] [Originally Added On: March 20th, 2012]
- Understanding the Cloud Computing Stack: SaaS, PaaS and IaaS | CloudU - Video [Last Updated On: March 21st, 2012] [Originally Added On: March 21st, 2012]
- Racemi Joins Rackspace Cloud Tools Program [Last Updated On: March 22nd, 2012] [Originally Added On: March 22nd, 2012]
- iNetRadio Adds User Music Cloud Hosting [Last Updated On: April 18th, 2012] [Originally Added On: April 18th, 2012]
- Managed Hosting Company, OneNeck IT Services, Selected by Southwest Home Builder for Cloud Services [Last Updated On: April 18th, 2012] [Originally Added On: April 18th, 2012]
- What is Cloud Hosting? - Australian Cloud Hosting Providers - Video [Last Updated On: April 18th, 2012] [Originally Added On: April 18th, 2012]
- Courion Leverages NaviSite's Enterprise Cloud to Deliver Identity and Access Management Software-as-a-Service [Last Updated On: April 24th, 2012] [Originally Added On: April 24th, 2012]
- TLD Solutions Launches Next Generation "4GH" Web Hosting [Last Updated On: May 4th, 2012] [Originally Added On: May 4th, 2012]
- ElasticHosts unveils simple cloud web hosting for SMEs [Last Updated On: May 4th, 2012] [Originally Added On: May 4th, 2012]
- Rackspace Hosting 1Q net income up on higher sales [Last Updated On: May 8th, 2012] [Originally Added On: May 8th, 2012]
- Infinitely Virtual Announces Support for Microsoft SQL Server 2012, Providing Cloud-Ready Hosting with Mission ... [Last Updated On: May 8th, 2012] [Originally Added On: May 8th, 2012]
- Kore Domains Launches Revolutionary New "4GH" Web Hosting Solution [Last Updated On: May 8th, 2012] [Originally Added On: May 8th, 2012]
- 4GH Web Hosting Europa Launches 4GH Cloud Web Hosting Solution in European Data Center [Last Updated On: May 10th, 2012] [Originally Added On: May 10th, 2012]
- Hughes Cloud Services & Hosting Showcases Its Comprehensive Enterprise IT Offering At ... [Last Updated On: May 12th, 2012] [Originally Added On: May 12th, 2012]