Defense agency CIOs now have more power to buy cloud services under a new memo that gives component agencies authority to act as their own brokers, rather than going through the Defense Information Systems Agency.
Acting DoD CIO Terry Halvorsen has said he wants to speed up the cloud acquisition process among the department's many component agencies and military branches. The move to federate responsibility for the process is intended to do just that, while maintaining a level of security necessary for defense operations.
There will still be oversight, as agencies must complete a Business Case Analysis (BCA) prior to each acquisition using the guidelines set forth in an October DoD memo. Both the component agency CIO and DoD CIO must sign off on the BCA before the purchase is finalized.
Minimum security standards will follow the Federal Risk and Authorization Management Program (FedRAMP). DoD is working on a policy guide for sensitive unclassified data expected to be released Jan. 7. The security guide will require cloud providers to submit evidence to DISA that their services can handle sensitive information securely. If a product meets the security requirements, DISA will issue a provisional authorization.
Component agency CIOs will then use the BCA and information in the provisional authorization to make decisions on cloud purchases.
"This is a great outcome," said Carmen Krueger, senior vice president and general manager for cloud operations at SAP National Security Services (SAP NS2). "The Department of Defense is a very large organization and the services have historically had some level of autonomy in information technology choices but with that key umbrella of security protocols that they have to follow."
Krueger noted the provisional authorizations will work in much the same way that civilian cloud providers use authority to operate (ATO) accreditation. Like an ATO, provisional authorization will give component agencies assurance that the provider meets the baseline requirements without having to duplicate the process at each agency.
Read more at Federal Times.
Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.