Cloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent

Size: px
Start display at page:

Download "Cloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent"

Transcription

1 Cloud Security A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud Sean Curry Sales Executive, Aquilent

2 The first in a series of audits DoD did not fully execute elements of the July 2012 DoD Cloud Computing Strategy For the three cloud computing contracts reviewed, no waivers from the designated review authority to use a non-dod approved CSP DoD CIO had not developed an implementation plan (as of June 2014) nor a detailed written process for obtaining a GIG waiver Greater risk of not preserving the security of DoD information against cyber threats 2

3 Cloud First Requires Federal Government shift to a Cloud First policy Cites benefits of cloud Economical Flexible Fast When evaluating options for new IT, agencies should default to cloud-based solutions whenever a secure, reliable, costeffective cloud option exists NIST to lead the development of standards for security, interoperability, and portability SP Guide to Security for Full Virtualization Technologies, January 2011 SP NIST Definition of Cloud Computing, September 2011 SP Guidelines on Security and Privacy in Public Cloud, November 2011 SP NIST Cloud Computing Synopsis and Recommendations, May 2012 Scaling to larger sets of consumers and resources is one of the important strategies for public clouds to achieve low costs and elasticity; if this scaling is achieved, however, it also implies a large collection of potential attackers. 3

4 Federal Risk and Authorization Management Program (FedRAMP) Developed in collaboration with NIST, GSA, DoD and DHS Ensures cloud based services have adequate information security Eliminates duplication of effort and reduce risk management costs Enables rapid and cost-effective procurement of information systems/services for Federal agencies Tools Developed a list of NIST controls CSPs must meet for Low and Moderate Impact levels Developed Security Assessment Framework (SAF) which details the security assessment process Cloud Service Providers (CSPs) must use to achieve compliance with FedRAMP. Developed a security contract clause template to assist federal agencies in procuring cloud-based services Maintains a Security Repository of CSP compliant providers who have obtained Provisional ATOs 4

5 DoD Cloud Strategy June 26, 2012 DoD CIO designated DISA to perform cloud brokerage functions to achieve IT efficiencies, reliability, interoperability and improve security and end-to-end performance by using cloud service offerings. IOC as Enterprise Cloud Service Broker (ECSB) on April 16, 2013 DoD Cloud Security Model (CSM) established security guidelines for hosting DoD data/mission/ applications in a cloud environment. Continuous updates, current version is ECSB CSM v2.1 dated March 13, 2014 Establishes the DoD security requirements for CSPs to host DoD mission up to and including Secret In July 2012, the DoD CIO issued the DoD Cloud Computing Strategy to accelerate the DoD adoption of cloud computing and take advantage of its benefits. The strategy provides elements intended to foster adoption of cloud computing and establish a DoD cloud infrastructure. Elements in the strategy include, but are not limited to, the establishment of broker services, training, contract clauses, and broker management capabilities such as: providing an integrated billing and contracting interface; managing integrated service delivery from DoD and commercial cloud service providers (CSPs); controlling usage and optimizing cloud computing workload distribution; and providing a common, integrated helpdesk. 5

6 Transitioning to the Cloud The DoD Enterprise Cloud Environment will facilitate consolidating and optimizing the Department s IT infrastructure, including data centers and network operations, and standardizing IT platforms that ensure a secure cyber environment and leverage Agile development. The Department will also adopt commercial cloud computing solutions to the greatest extent possible in support of the Department s mission. 6

7 Commercial Cloud Process FedRAMP Authority to Operate CSM ATO Levels 1-2 (Public) CSM ATO Levels 3-5 (NIPR) CSM ATO Level 6 (SIPR) System-Specific ATO John Doe DoD DAA 100 s of Cloud Service Providers (CSP) 1 Provisional Authorization granted 2 2 Increasing Security and Operating Requirements The DoD provisionally authorized commercial CSP offering is eligible to be included in the Enterprise Cloud Service Catalog Providers are a mix of IaaS, PaaS, SaaS (Initial Focus is on IaaS) 18 FedRAMP Compliant CSP Offerings 1 Provisional Authorization granted 3 1 Source: 2 Provisional ATO granted to 3 CSPs by February AWS GovCloud Provisional ATO granted 8/8/2014 to deploy pilot applications DoD Cloud Security Process and Requirements (Administered via DISA) 7

8 Moves and Countermoves Broker concept is still being developed by DoD and not fully in place DON will ensure systems are properly certified and formally approved by the appropriate DAA and ensure commercial CSPs are used to support low-impact systems and missions functions, unless a more cost effective DoD solution is identified Enterprise Cloud Service Broker (ECSB) IOC on April 16, 2013 DON CIO 04 June 2013 Update to DON Approach to Cloud Computing Cancels 01 April 2013 memo DON CIO will use the Broker to: arrange for offerings via the Enterprise Cloud Service Catalog or other contract vehicles approved by the Broker Identify and vet commercial CSP s to host low impact systems DOD CIO 16 December 2013 Update to DON Approach to Cloud Computing All commercial cloud requests proceed through the DoD Cloud Broker DoD PA or DISN GIG Flag Panel approval prior to acquisition and use Suspension of deployments not having DOD PA or not hosted with DoD s infrastructure 8

9 Catching Fire February CSPs have DOD PAs for Impact Levels 1 and 2 21 May 2014 Terry Halvorsen becomes acting DoD CIO 8 August AWS GovCloud PA granted for Levels 3-5 Conditional upon establishing NIPRNet connectivity to GovCloud, with CND Leveraging the PA, system owner DAAs (not DISA) responsible for system accreditation 11 November 2014 DoD Cloud Way Forward Comprehensive cloud guidance to CSPs and DoD customer organizations Requires physical separation from non-dod tenants for impact levels 3-5 Outlines process for requirements that cannot be met by a DoD provisionally authorized cloud service 9

10 The first in a series of audits DoD did not fully execute elements of the July 2012 DoD Cloud Computing Strategy For the three cloud computing contracts reviewed, no waivers from the designated review authority to use a non-dod approved CSP DoD CIO had not developed an implementation plan (as of June 2014) nor a detailed written process for obtaining a GIG waiver Greater risk of not preserving the security of DoD information against cyber threats 10

11 Breaking News 7 December Draft Cloud Computing Security Requirements Guide (SRG) V1 Incorporates, supersedes, and rescinds the previous Cloud Security Model A Technical Interchange Meeting (TIM) held 12/18 to discuss the SRG Impact Levels 1 (public information) and 3 (low impact Controlled Unclassified Information (CUI) were merged with the next higher impact levels DISA is considering accepting FedRAMP Provisional Authorization as the basis for granting a DOD P-ATO for Impact Level 2 15 December DoD CIO Updated Guidance on the Acquisition and Use of Commercial Cloud Services Cancels 2 key DoD Cloud Memos: Designation of the Defense Information Systems Agency as the Department of Defense Enterprise Cloud Service Broker, 26 June 2012 Supplemental Guidance on the Use of Commercial Cloud Computing Services, 16 December 2013 DoD components may acquire cloud services directly Requires Business Case Analysis (BCA) and cloud services offered by DISA must be considered Components may host unclassified DoD data that has been publicly released on FedRAMP approved cloud services Cloud services used for Sensitive Data must be connected to customers through a DoD CIO approved Cloud Access Point (CAP) provided by DISA or another DoD Component 11

DISA releases updated DoD Cloud Requirements What are the impacts? James Leach January 2015

DISA releases updated DoD Cloud Requirements What are the impacts? James Leach January 2015 DISA releases updated DoD Cloud Requirements What are the impacts? James Leach January 2015 New leadership breeds new policies and different approaches to a more rapid adoption of cloud services for the

More information

Cloud Services Trends: From Pure IaaS to IaaS+PaaS Enterprise Platform with the Benefits of Cloud

Cloud Services Trends: From Pure IaaS to IaaS+PaaS Enterprise Platform with the Benefits of Cloud Cloud Services Trends: From Pure IaaS to IaaS+PaaS Enterprise Platform with the Benefits of Cloud Pete Nuwayser Deloitte Consulting LLP 2 December 2015 Agenda A Quick Level Set Pure IaaS at a DoD Client

More information

DoD Cloud Computing Strategy Needs Implementation Plan and Detailed Waiver Process

DoD Cloud Computing Strategy Needs Implementation Plan and Detailed Waiver Process Inspector General U.S. Department of Defense Report No. DODIG-2015-045 DECEMBER 4, 2014 DoD Cloud Computing Strategy Needs Implementation Plan and Detailed Waiver Process INTEGRITY EFFICIENCY ACCOUNTABILITY

More information

DoD Cloud Computing Security Requirements Guide (SRG) Overview

DoD Cloud Computing Security Requirements Guide (SRG) Overview DoD Cloud Computing Security Requirements Guide (SRG) Overview 1 General SRG Information Released 12 January 2015 Version 1, release 1 Provides comprehensive security guidance for components (missions)

More information

Seeing Though the Clouds

Seeing Though the Clouds Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating

More information

DoD ENTERPRISE CLOUD SERVICE BROKER CLOUD SECURITY MODEL

DoD ENTERPRISE CLOUD SERVICE BROKER CLOUD SECURITY MODEL DoD ENTERPRISE CLOUD SERVICE BROKER CLOUD SECURITY MODEL Version 1.0 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense (DoD) EXECUTIVE SUMMARY The 26 June 2012 DoD

More information

Overview. FedRAMP CONOPS

Overview. FedRAMP CONOPS Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,

More information

December 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments

December 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments

More information

DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1. 12 January 2015

DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1. 12 January 2015 DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1 12 January 2015 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense

More information

What should go to the Cloud and When. What should NOT go to the Cloud and Why

What should go to the Cloud and When. What should NOT go to the Cloud and Why What should go to the Cloud and When What should NOT go to the Cloud and Why Cloud a New Business Model for IT delivery in Federal Programmatic approach to Cloud Security (FedRAMP, DISA SRG) Cloud Service

More information

Scott Renda Office of Management and Budget www.whitehouse.gov/omb/egov

Scott Renda Office of Management and Budget www.whitehouse.gov/omb/egov Cloud Computing Briefing Scott Renda Office of Management and Budget www.whitehouse.gov/omb/egov Cloud Computing Basics Style of computing Cloud Computing: What Does it Mean? Close public/private sector

More information

10 Considerations for a Cloud Procurement. Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015

10 Considerations for a Cloud Procurement. Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015 10 Considerations for a Cloud Procurement Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015 www.lbmctech.com info@lbmctech.com Purpose: Cloud computing provides public sector organizations

More information

Cloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service

Cloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service Cloud Computing Best Practices Cloud Computing Best Practices Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service Overview Cloud Computing

More information

Written Testimony. Mark Kneidinger. Director, Federal Network Resilience. Office of Cybersecurity and Communications

Written Testimony. Mark Kneidinger. Director, Federal Network Resilience. Office of Cybersecurity and Communications Written Testimony of Mark Kneidinger Director, Federal Network Resilience Office of Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee

More information

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE

More information

Information Assurance in the Cloud

Information Assurance in the Cloud Information Assurance in the Cloud The Status of FedRAMP, April 2013 AGA - Montgomery/Prince George s Chapter cliftonlarsonallen.com Session Outline 1. Cloud Services in Federal Government The Opportunity

More information

Cloud Security for Federal Agencies

Cloud Security for Federal Agencies Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service

More information

Federal Risk and Authorization Management Program (FedRAMP)

Federal Risk and Authorization Management Program (FedRAMP) Federal Risk and Authorization Management Program (FedRAMP) NIST June 5, 2013 Matt Goodrich, JD FedRAMP, Program Manager Federal Cloud Computing Initiative OCSIT GSA What is FedRAMP? FedRAMP is a government-wide

More information

DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES

DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 Washington, DC 20420 Transmittal Sheet February 28, 2012 CLOUD COMPUTING SERVICES 1. REASON FOR ISSUE: This Directive establishes the Department of Veterans

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

Esri Managed Cloud Services and FedRAMP

Esri Managed Cloud Services and FedRAMP Federal GIS Conference February 9 10, 2015 Washington, DC Esri Managed Cloud Services and FedRAMP Erin Ross & Michael Young Agenda Esri Managed Services Program Overview Example Deployments New FedRAMP

More information

Cloud Brokerage Industry Day August 2, 2012. Panel Questions & Answers

Cloud Brokerage Industry Day August 2, 2012. Panel Questions & Answers Cloud Brokerage Industry Day August 2, 2012 Panel Questions & Answers Contents This presentation contains discussion questions and notes from the panelist responses for the GSA Cloud Brokerage Industry

More information

AWS Worldwide Public Sector

AWS Worldwide Public Sector 15 Minute Introduction to AWS and Q&A April 2015 Mark Fox Sr. Manager DoD Sales I love/hate relationship with the term cloud Now the IT norm Commercial Cloud should not be scary nor considered less secure

More information

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here Risk Management Framework (RMF): The Future of DoD Cyber Security is Here Authors: Rebecca Onuskanich William Peterson 3300 N Fairfax Drive, Suite 308 Arlington, VA 22201 Phone: 571-481-9300 Fax: 202-315-3003

More information

Federal Aviation Administration. efast. Cloud Computing Services. 25 October 2012. Federal Aviation Administration

Federal Aviation Administration. efast. Cloud Computing Services. 25 October 2012. Federal Aviation Administration efast Cloud Computing Services 25 October 2012 1 Bottom Line Up Front The FAA Cloud Computing Vision released in 2012 identified the agency's road map to meet the Cloud First Policy efast must provide

More information

VA Enterprise Design Patterns: 6. Cloud Computing 6.1 Enterprise Cloud Services Broker

VA Enterprise Design Patterns: 6. Cloud Computing 6.1 Enterprise Cloud Services Broker VA Enterprise Design Patterns: 6. Cloud Computing 6.1 Enterprise Cloud Services Broker Office of Technology Strategies (TS) Architecture, Strategy, and Design (ASD) Office of Information and Technology

More information

ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING

ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

NIST Cloud Computing Security Reference Architecture (SP 500-299 draft)

NIST Cloud Computing Security Reference Architecture (SP 500-299 draft) NIST Cloud Computing Security Reference Architecture (SP 500-299 draft) NIST Cloud Computing Security Working Group Dr. Michaela Iorga, NIST Senior Security Technical Lead for Cloud Computing Chair, NIST

More information

Department of Defense Use of Commercial Cloud Computing Capabilities and Services

Department of Defense Use of Commercial Cloud Computing Capabilities and Services I N S T I T U T E F O R D E F E N S E A N A L Y S E S Department of Defense Use of Commercial Cloud Computing Capabilities and Services Laura A. Odell, Project Leader Ryan R. Wagner Tristan J. Weir November

More information

DoD Needs an Effective Process to Identify Cloud Computing Service Contracts

DoD Needs an Effective Process to Identify Cloud Computing Service Contracts Inspector General U.S. Department of Defense Report No. DODIG-2016-038 DECEMBER 28, 2015 DoD Needs an Effective Process to Identify Cloud Computing Service Contracts INTEGRITY EFFICIENCY ACCOUNTABILITY

More information

Enterprise Managed Cloud Computing at NASA. Karen Petraska NASA Office of the CIO Computing Services Service Office (CSSO) October 1, 2014

Enterprise Managed Cloud Computing at NASA. Karen Petraska NASA Office of the CIO Computing Services Service Office (CSSO) October 1, 2014 Enterprise Managed Cloud Computing at NASA Karen Petraska NASA Office of the CIO Computing Services Service Office (CSSO) October 1, 2014 What is Cloud Computing? Cloud Computing in a Nutshell Cloud computing

More information

Security Authorization Process Guide

Security Authorization Process Guide Security Authorization Process Guide Office of the Chief Information Security Officer (CISO) Version 11.1 March 16, 2015 TABLE OF CONTENTS Introduction... 1 1.1 Background... 1 1.2 Purpose... 2 1.3 Scope...

More information

TESTIMONY OF MR. RICHARD SPIRES CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON HOMELAND SECURITY

TESTIMONY OF MR. RICHARD SPIRES CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON HOMELAND SECURITY TESTIMONY OF MR. RICHARD SPIRES CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND SECURITY

More information

Cloud Computing. Report No. OIG-AMR-74-14-03. UNITED STATES GOVERNMENT National Labor Relations Board Office of Inspector General.

Cloud Computing. Report No. OIG-AMR-74-14-03. UNITED STATES GOVERNMENT National Labor Relations Board Office of Inspector General. UNITED STATES GOVERNMENT National Labor Relations Board Office of Inspector General Cloud Computing Report No. OIG-AMR-74-14-03 October 21, 2014 CONTENTS EXECUTIVE SUMMARY... 1 BACKGROUND... 2 OBJECTIVE,

More information

FedRAMP Master Acronym List. Version 1.0

FedRAMP Master Acronym List. Version 1.0 FedRAMP Master Acronym List Version 1.0 September 10, 2015 Revision History Date Version Page(s) Description Author Sept. 10, 2014 1.0 All Initial issue. FedRAMP PMO How to Contact Us For questions about

More information

Cloud Computing Strategy

Cloud Computing Strategy Department of Defense Chief Information Officer Cloud Computing Strategy July 2012 This page intentionally left blank EXECUTIVE SUMMARY In the current political, economic, and technological landscape,

More information

Cloud Services The Path Forward. Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA

Cloud Services The Path Forward. Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA Cloud Services The Path Forward Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA November 1, 2012 Agenda Integrated Technology Services (ITS) Cloud Acquisition

More information

Briefing to the AFCEA International Cyber Symposium

Briefing to the AFCEA International Cyber Symposium Briefing to the AFCEA International Cyber Symposium 26 June 2013 Lt Gen Ronnie D. Hawkins, Jr. Director, Defense Information Systems Agency 1 1 UNCLASSIFIED Organizational Changes Command Staff Financial

More information

Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region

Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region 1 1) Government Cloud Journey 2) Government Clouds 3) Way Forward 2 1. Government Cloud

More information

Army Cloud Computing Strategy

Army Cloud Computing Strategy Army Cloud Computing Strategy MARCH 2015 Enterprise Architecture Division Army Architecture Integration Center HQDA CIO/G-6 Version 1.0 This page intentionally left blank. TABLE OF CONTENTS FOREWORD...

More information

GAO INFORMATION TECHNOLOGY REFORM. Progress Made but Future Cloud Computing Efforts Should be Better Planned

GAO INFORMATION TECHNOLOGY REFORM. Progress Made but Future Cloud Computing Efforts Should be Better Planned GAO July 2012 United States Government Accountability Office Report to the Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee

More information

Securing Government Clouds Preparing for the Rainy Days

Securing Government Clouds Preparing for the Rainy Days Securing Government Clouds Preparing for the Rainy Days Majed Saadi Director, Cloud Computing Practice Agenda 1. The Cloud: Opportunities and Challenges 2. Cloud s Potential for Providing Government Services

More information

Cloud. in 2014. Inside: SPECIAL REPORT. A Guide for Government. p9 Agencies deepen investments in cloud solutions

Cloud. in 2014. Inside: SPECIAL REPORT. A Guide for Government. p9 Agencies deepen investments in cloud solutions Cloud in 2014 ONLINE REPORT SPONSORED BY: Inside: p2 p4 p6 p8 p9 Agencies deepen investments in cloud solutions Hybrid model key to the future of cloud Cloud security initiatives gains momentum 2014: A

More information

Federal Cloud Computing Summit: Summary and Way Forward

Federal Cloud Computing Summit: Summary and Way Forward Federal Cloud Computing Summit: Summary and Way Forward Abstract The Federal Cloud Computing Summit took place on December 17 th, 2013. The Summit included MITREled Collaboration Sessions that allowed

More information

The Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative

The Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative The Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative September 2014 Council of the Inspectors General on Integrity and Efficiency Cloud Computing Initiative Executive

More information

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services ISSUE BRIEF Cloud Security for Federal Agencies Achieving greater efficiency and better security through federally certified cloud services This paper is intended to help federal agency executives to better

More information

Cloud Assessments. Federal Computer Security Managers Forum. John Connor, IT Security Specialist, OISM, NIST. Meeting.

Cloud Assessments. Federal Computer Security Managers Forum. John Connor, IT Security Specialist, OISM, NIST. Meeting. Cloud Assessments SaaS Email Working Group John Connor, IT Security Specialist, OISM, NIST Meeting August, 2015 Background Photo - JILA strontium atomic clock (a joint institute of NIST and the University

More information

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

Cloud and Regulations: A match made in heaven, or the worst blind date ever? Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing

More information

Cloud Computing Strategy

Cloud Computing Strategy Department of Defense Chief Information Officer Cloud Computing Strategy July 2012 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is

More information

United States Department of Defense

United States Department of Defense Defense.gov News Release: DOD Releases Cloud Computing Str... http://www.defense.gov/releases/release.aspx?releaseid=15435 1 of 3 7/11/2012 3:57 PM United States Department of Defense TOP LINKS Subscribe

More information

Flying Through Federal Thunder Clouds Navigating FedRAMP, DoD Cloud Guidance, & Cloud Cybersecurity Issues

Flying Through Federal Thunder Clouds Navigating FedRAMP, DoD Cloud Guidance, & Cloud Cybersecurity Issues Flying Through Federal Thunder Clouds Navigating FedRAMP, DoD Cloud Guidance, & Cloud Cybersecurity Issues M. Peter Adler (SRA International, Inc.) David Z. Bodenheimer (Crowell & Moring LLP) Annejanette

More information

Status of Cloud Computing Environments within OPM (Report No. 4A-CI-00-14-028)

Status of Cloud Computing Environments within OPM (Report No. 4A-CI-00-14-028) MEMORANDUM FOR KATHERINE ARCHULETA Director FROM: SUBJECT: PATRICK E. McFARLAND Inspector General Status of Cloud Computing Environments within OPM (Report No. 4A-CI-00-14-028) The purpose of this memorandum

More information

CLOUD COMPUTING SERVICES CATALOG

CLOUD COMPUTING SERVICES CATALOG CLOUD COMPUTING SERVICES CATALOG... Including information about the FedRAMP SM authorized Unclassified Remote Hosted Desktop (URHD) Software as a Service solution CTC Cloud Computing Services Software

More information

Strategic Plan Network Optimization & Transport Services 2013-2018

Strategic Plan Network Optimization & Transport Services 2013-2018 Strategic Plan Network Optimization & Transport Services 2013-2018 Office of the Chief Information Officer National Oceanic and Atmospheric Administration United States Department of Commerce Version 2.0

More information

CLOUD COMPUTING. Agencies Need to Incorporate Key Practices to Ensure Effective Performance

CLOUD COMPUTING. Agencies Need to Incorporate Key Practices to Ensure Effective Performance United States Government Accountability Office Report to Congressional Requesters April 2016 CLOUD COMPUTING Agencies Need to Incorporate Key Practices to Ensure Effective Performance GAO-16-325 April

More information

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government October 4, 2009 Prepared By: Robert Woolley and David Fletcher Introduction Provisioning Information Technology (IT) services to enterprises

More information

Federal Cloud Security

Federal Cloud Security Federal Cloud Security The views, opinions and/or findings contained in this report are those of The MITRE Corporation and should not be construed as an official government position, policy, or decision,

More information

HyTrust Addendum to the VMware Product Applicability Guide. For. Federal Risk and Authorization Management Program (FedRAMP) version 1.

HyTrust Addendum to the VMware Product Applicability Guide. For. Federal Risk and Authorization Management Program (FedRAMP) version 1. HyTrust Product Applicability Guide For Federal Risk and Authorization Management Program (FedRAMP) VMware Compliance Reference Architecture Framework to the VMware Product Applicability Guide For Federal

More information

Re: Proposed Change to Add a Cloud Computing Special Item Number (SIN) on IT Schedule 70

Re: Proposed Change to Add a Cloud Computing Special Item Number (SIN) on IT Schedule 70 August 21, 2014 Dennis Harrison Division Director, IT Schedule 70 U.S. General Services Administration 1800 F St NW Washington, DC 20006 Re: Proposed Change to Add a Cloud Computing Special Item Number

More information

Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division

Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division Jason R. Baron Director of Litigation National Archives and Records Administration 1 Overview Cloud Computing Defined

More information

The Benefits of FedRAMP. Shamun Mahmud, DLT Cloud Advisory Group

The Benefits of FedRAMP. Shamun Mahmud, DLT Cloud Advisory Group The Benefits of FedRAMP Shamun Mahmud, DLT Cloud Advisory Group The Benefits of FedRAMP Shamun Mahmud, DLT Cloud Advisory Group, DLT Solutions LCC 2012 Executive Summary FedRAMP (Federal Risk and Authorization

More information

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 Perspectives on Moving to the Cloud Paradigm and the Need for Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 2 NIST Cloud Computing Resources NIST Draft Definition of

More information

DoD CIO s 10-Point Plan for IT Modernization. Ms. Teri Takai DoD CIO

DoD CIO s 10-Point Plan for IT Modernization. Ms. Teri Takai DoD CIO DoD CIO s 10-Point Plan for IT Modernization Ms. Teri Takai DoD CIO Executive Summary Proactive Partnerships for IT Modernization IT Modernization Strategy Consolidate Infrastructure Streamline Processes

More information

How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing

How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing Warren S. Udy, CISSP Senior Cyber Security Advisor Office of Cyber Security 301-903-5515 warren.udy@hq.doe.gov

More information

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based

More information

Best Practices Guide for DoD Cloud Mission Owners

Best Practices Guide for DoD Cloud Mission Owners Best Practices Guide for Department of Defense Cloud Mission Owners Version 1.0 Last updated 2015-08-06 Developed by the Defense Information Systems Agency (DISA) For the Department of Defense (DoD) IMPORTANT:

More information

2) trusted network, resilient against large scale Denial of Service attacks

2) trusted network, resilient against large scale Denial of Service attacks Sam Crooks Network Design Engineer My background is that I have worked in the gaming (as in casinos, gambling), credit card processing industries, consumer credit and related

More information

United States Department of Agriculture. Office of Inspector General

United States Department of Agriculture. Office of Inspector General United States Department of Agriculture Office of Inspector General USDA s Implementation of Cloud Computing Services Audit Report 50501-0005-12 What Were OIG s Objectives Our objective was to evaluate

More information

2014 Defense Health Information Technology Symposium Cloud Computing in the Defense Health Agency

2014 Defense Health Information Technology Symposium Cloud Computing in the Defense Health Agency Maj Todd Roman, SM Project Officer Mr. Andrew Jake Jacobs, Strategy Officer 2014 Defense Health Information Technology Symposium Cloud Computing in the Defense Health Agency 1 DHA Vision A joint, integrated,

More information

Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC)

Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC) Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC) Daniel V. Bart DISA Infrastructure Development Cyber Situational Awareness and Analytics 22 April 2016 Presentation

More information

Product Framework. Products must use a common suite of infrastructure Support Services

Product Framework. Products must use a common suite of infrastructure Support Services DISA Platform as a Service (PaaS) And RACE May 2012 Version 1.0 Product Framework A Combat Support Agency Overview Enterprise Services must be Product focused with: Discrete retail based boundaries for

More information

U.S. Federal Strategy for the Safe and Secure Adoption of Cloud Computing

U.S. Federal Strategy for the Safe and Secure Adoption of Cloud Computing WHITE PAPER U.S. Federal Strategy for the Safe and Secure Adoption of Cloud Computing Bill Perlowitz, Vice President, Advanced Technology, Apptis, Inc. William.Perlowitz@Apptis.com, http://www.linkedin.com/in/wperlowitz

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

DEPARTMENTAL REGULATION

DEPARTMENTAL REGULATION U.S. DEPARTMENT OF AGRICULTURE WASHINGTON, D.C. 20250 DEPARTMENTAL REGULATION SUBJECT: Identity, Credential, and Access Management Number: 3640-001 DATE: December 9, 2011 OPI: Office of the Chief Information

More information

Cloud Computing and Enterprise Services

Cloud Computing and Enterprise Services Defense Information Systems Agency A Combat Support Agency Cloud Computing and Enterprise Services Alfred Rivera Technical Program Director 29 July 2010 Peak of Inflated Expectations You Are Here Plateau

More information

DEPARTMENT OF DEFENSE CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE. REVISION HISTORY For Version 1, Release 2. 18 March, 2016

DEPARTMENT OF DEFENSE CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE. REVISION HISTORY For Version 1, Release 2. 18 March, 2016 DEPARTMENT OF DEFENSE CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE REVISION HISTORY For Version 1, Release 2 18 March, 2016 Developed by the Defense Information Systems Agency for the Department of Defense

More information

Federal Cloud Computing Initiative Overview

Federal Cloud Computing Initiative Overview Federal Cloud Computing Initiative Overview Program Status To support the Federal Cloud Computing Direction and Deployment Approach, the ITI Line of Business PMO has been refocused as the Cloud Computing

More information

Fast IT: Accelerate Your Business

Fast IT: Accelerate Your Business Fast IT: Accelerate Your Business with Cisco Powered Infrastructure as a Service (IaaS) www.cisco.com/go/ciscopowered 1 Fast IT Delivers Value The value of IT is measured by the value it delivers to business.

More information

FedRAMP Standard Contract Language

FedRAMP Standard Contract Language FedRAMP Standard Contract Language FedRAMP has developed a security contract clause template to assist federal agencies in procuring cloud-based services. This template should be reviewed by a Federal

More information

Highlights & Next Steps

Highlights & Next Steps USG Cloud Computing Technology Roadmap Highlights & Next Steps NIST Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways

More information

CLOUD COMPUTING. Additional Opportunities and Savings Need to Be Pursued

CLOUD COMPUTING. Additional Opportunities and Savings Need to Be Pursued United States Government Accountability Office Report to Congressional Requesters September 2014 CLOUD COMPUTING Additional Opportunities and Savings Need to Be Pursued GAO-14-753 September 2014 CLOUD

More information

Cloud Computing Cluster Introduction to Cloud Computing. Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013

Cloud Computing Cluster Introduction to Cloud Computing. Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013 From Science to Solutions Cloud Computing Cluster Introduction to Cloud Computing Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013 Senior IT Strategist SAIC What is Cloud Computing? Cloud

More information

IT-CNP, Inc. Capability Statement

IT-CNP, Inc. Capability Statement Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government

More information

DoD-Compliant Implementations in the AWS Cloud

DoD-Compliant Implementations in the AWS Cloud DoD-Compliant Implementations in the AWS Cloud Reference Architectures Paul Bockelman Andrew McDermott April 2015 Contents Contents 2 Abstract 3 Introduction 3 Getting Started 4 Shared Responsibilities

More information

Dynamic Security for the Hybrid Cloud

Dynamic Security for the Hybrid Cloud Dynamic Security for the Hybrid Cloud Marc van Zadelhoff, VP Strategy, Marketing and Product Management, IBM Security Nataraj Nagaratnam, Distinguished Engineer and CTO Security Solutions, IBM Security

More information

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014 Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System

More information

FAA Cloud Computing Strategy

FAA Cloud Computing Strategy FAA Cloud Computing Strategy Final - Version 1.0 May 2012 Federal Aviation Administration 800 Independence Avenue, SW Washington, D.C. 20591 SIGNATURE PAGE Table of Contents 1. Executive Summary... 1 2.

More information

Could Computing: Concepts and Cost Considerations

Could Computing: Concepts and Cost Considerations Could Computing: Concepts and Cost Considerations Arlene Minkiewicz, Chief Scientist PRICE Systems, LLC arlene.minkiewicz@pricesystems.com Optimize tomorrow today. 1 If computers of the kind I have advocated

More information

DLT Solutions and Amazon Web Services

DLT Solutions and Amazon Web Services DLT Solutions and Amazon Web Services For a seamless, cost-effective migration to the cloud PREMIER CONSULTING PARTNER DLT Solutions 2411 Dulles Corner Park, Suite 800 Herndon, VA 20171 Duane Thorpe Phone:

More information

Audit of the CFPB s Acquisition and Contract Management of Select Cloud Computing Services

Audit of the CFPB s Acquisition and Contract Management of Select Cloud Computing Services O F F I C E O F IN S P E C TO R GENERAL Audit Report 2014-IT-C-016 Audit of the CFPB s Acquisition and Contract Management of Select Cloud Computing Services September 30, 2014 B O A R D O F G O V E R

More information

The NIST Definition of Cloud Computing (Draft)

The NIST Definition of Cloud Computing (Draft) Special Publication 800-145 (Draft) The NIST Definition of Cloud Computing (Draft) Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication

More information

DOD & Cloud Computing: Rapid Access Computing Environment (RACE) A Case Study

DOD & Cloud Computing: Rapid Access Computing Environment (RACE) A Case Study DOD & Cloud Computing: Rapid Access Computing Environment (RACE) A Case Study Henry J. Sienkiewicz Technical Program Director Computing Services Digital Government Institute s Cloud Computing Conference

More information

Ports, Protocols, and Services Management (PPSM)

Ports, Protocols, and Services Management (PPSM) Defense Information Systems Agency A Combat Support Agency Ports, Protocols, and Services Management (PPSM) PPSM, Project Manager 29 July 2010 NSC Org Chart DSAWG Dennis Ruth, Chair NSCA Connection Approval

More information

Management of Cloud Computing Contracts and Environment

Management of Cloud Computing Contracts and Environment Management of Cloud Computing Contracts and Environment Audit Report Report Number IT-AR-14-009 September 4, 2014 Cloud computing contracts did not comply with Postal Service standards. Background The

More information

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011 A Strawman Model NIST Cloud Computing Reference Architecture and Taxonomy Working Group January 3, 2011 Objective Our objective is to define a neutral architecture consistent with NIST definition of cloud

More information

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE SCIENCE, SPACE AND TECHNOLOGY COMMITTEE SUBCOMMITTEE

More information

DISA and the Evolving DoD Enterprise

DISA and the Evolving DoD Enterprise 1 DISA and the Evolving DoD Enterprise 11 June 2014 Major General Alan R. Lynn Vice Director, Defense Information Systems Agency 20th Century Circuit & Dial tone Delivery UNCLASSIFIED DISA is Changing

More information

2013 North American Government Cloud Solutions Company of the Year Award

2013 North American Government Cloud Solutions Company of the Year Award 2013 2013 North American Government Cloud Solutions Company of the Year Award 2013 Frost & Sullivan 1 We Accelerate Growth Company of the Year Award Government Cloud Solutions North America, 2013 Frost

More information

S. ll IN THE SENATE OF THE UNITED STATES A BILL

S. ll IN THE SENATE OF THE UNITED STATES A BILL HENF Discussion Draft S.L.C. TH CONGRESS ST SESSION S. ll To promote innovation and realize the efficiency gains and economic benefits of on-demand computing by accelerating the acquisition and deployment

More information

NIST Cloud Computing Program

NIST Cloud Computing Program NIST Program USG Roadmap Top 10 high priority requirements to accelerate USG adoption of the model NIST Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science,

More information