The Defense Information Systems Agency (DISA) issued an Aug. 15 provisional authorization that would enable Defense Department (DoD) components and mission partners to streamline cloud authorizations.
More specifically, DoD service components and partners can “host DoD Impact Level 2 (IL2) data of Federal Risk and Authorization Management Program (FedRAMP) Authorized, Moderate Baseline, Cloud Service Offerings (CSO), without waiting for an explicit, DoD written authorization,” a DISA news release said.
DISA Risk Management Executive and Authorizing Official Roger Greenwell signed the provisional authorization so that mission partners can streamline processes and information availability when they want to host DoD IL2 mission data in the cloud, and to help industry partners reduce the steps they go through to address DoD customer needs.
“We worked with officials from the DOD, Chief Information Office (CIO), and mission partners on the drafting of the policy, and believe this approach provides significant benefit to both the DOD community as well as the cloud industry,” Greenwell said.
DISA added that CSOs that qualify under the provisional authorization must be authorized at FedRAMP Moderate Baseline, have datacenters located in the United States or its territories, and a listing in the FedRAMP Marketplace.
Additionally, cloud service providers must maintain “the FedRAMP Joint Authorization Board (JAB) or agency authorization for the CSO and adhering to successful continuous monitoring practices.”