Dfndng DoD Mssons n th Commcal Cloud Pt Dnsmo Cybscuty Rsk Managmnt 18 Jun 2015 UNCLASSIFIED 1
Data Catgozaton IMPAC LEVELS Lvl 1: Unclassfd Infomaton Appovd fo Publc Rlas Lvl 2: Non-Contolld Unclassfd Infomaton Lvl 3: Contolld Unclassfd Infomaton Lvl 4: Contolld Unclassfd Infomaton Expot Contol, PI, PHI, FOUO and oths Lvl 5: Contolld Unclassfd Infomaton CUI Rqung Hgh Potcton,.. NSSs Lvl 6: Classfd Infomaton up to SECRE h data nds to dv th lvl of potcton and dfns qud! UNCLASSIFIED 2
Ky Scuty Rqumnts IMPAC LEVEL INFORMAION SENSIIVIY SECURIY CONROLS LOCAION OFF-PREMISES CONNECIVIY SEPARAION PERSONNEL REQUIREMENS 2 PUBLIC o Non ctcal Msson Infomaton FdRAMP v2 Modat US / US outlyng aas o DoD on pmss o AO authozd locatons Intnt Vtual / Logcal PUBLIC COMMUNIY Natonal Agncy Chck and Inqus (NACI) 4 5 CUI o Non CUI Ctcal Msson Infomaton Non Natonal Scuty Systms Hgh Snstvty CUI Natonal Scuty Systms Lvl 2 + CUI Spcfc alod St Lvl 4 + NSS & CUI Spcfc alod St US / US outlyng aas o DoD on pmss o AO authozd locatons US / US outlyng aas o DoD on pmss NIPRNt va CAP NIPRNt va CAP Vtual / Logcal PUBLIC COMMUNIY Stong Vtual Spaaton Btwn nant Systms & Infomaton Vtual / Logcal FEDERAL GOV. COMMUNIY Ddcatd Infastuctu ADP 1 Sngl Scop Backgound Invstgaton (SSBI) ADP 2 Natonal Agncy Chck wth Law and Cdt (NACLC) Non Dsclosu Agmnt (NDA) 6 Classfd SECRE Natonal Scuty Systms Lvl 5 + Classfd Ovlay US / US outlyng aas o DoD on pmss CLEARED / CLASSIFIED FACILIIES SIPRNE va CAP Vtual / Logcal FEDERAL GOV. COMMUNIY Ddcatd Infastuctu Favoably Adjudcatd SSBI SECRE Claanc NDA UNCLASSIFIED 3
Rsk Managmnt Rsk Pofl AO Dcson Idntfy Cloud Svc Povd () Offng (s) wth DoD Povsonal AO (P-AO) aganst msson data scuty qumnts Slct aft compang sk pofls Rcpocty: maxmz us of xstng body of vdnc (.g. scop, tstng, sults, sdual sk) Idntfy and solv any addtonal tstng qumnts If sk s accptabl: Issu a Msson Own AO, xplctly flctng accptanc of sk and lablts n DoD P-AO fo systm and msson. Msson AO UNCLASSIFIED 4
Cloud Dfns Objctvs Lvl 2 Commcal Cloud Intnt basd uss connct to Lvl 2 s va dct Intnt Accss Intnt Us Lvl 2 s Intnt DoD Intnt Accss Pont (IAP) Ntwok dfnss nhtd though povdd capablts NIPRNt uss connct to Lvl 2 s va th DoD IAPs NIPRNt Us NIPRNt UNCLASSIFIED 5
Cloud Dfns Objctvs Lvl 4/5 Commcal Cloud Lvl 4/5 s Intnt Us Intnt DoD Intnt Accss Pont (IAP) Conncton Cloud Accss Pont (CAP) Potct applcatons xcutng n th cloud fom malcous actvty NIPRNt Us NIPRNt Potct th DoDIN fom malcous actvty occung n th cloud UNCLASSIFIED 6 25 JAN 2015 -- 1750 6
DCO Rsponsblts ELEMENS OF DCO/ DCO s a shad sponsblty btwn DISA, povds, th, and Msson Owns Lvl 4 / 5 s Msson Own (VPC) Intuson Dtcton/Pvnton Systm (IDPS) Intnt Conncton Fwall Capablts Entps Infomaton Assuanc Intnt Us DoD Intnt Accss Pont (IAP) Cloud Accss Pont (CAP) Enclav Scuty Applcaton Potcton Loggng and Analyss NIPRNt Us NIPRNt UNCLASSIFIED 7
Bounday Povds USCYBERCOM JFHQ-DODIN CP JCC / CCMD DISA DCC DNC CONUS (DoDIN ) ----------- USCYBERCOM JFHQ-DODIN CP Bounday (B) JCC / CCMD 1 US- CER DISA DCC DNC CONUS (DoDIN ) ----------- Msson (C2+Ops) Bounday (B) 1 2 Ods LEGEND Data Shang Data Flow/Rpotng Msson Owns Mssons Contan 3 UNCLASSIFIED 8
Msson Povds USCYBERCOM JFHQ-DODIN CP JCC / CCMD Msson (C2+Ops) 2 US- CER DISA DCC DNC CONUS (DoDIN ) ----------- Msson (C2+Ops) Bounday (B) MCN D MCN D 1 2 Ods LEGEND Data Shang Data Flow/Rpotng Msson Owns Mssons Contan 3 UNCLASSIFIED 9
Msson Owns / s USCYBERCOM JFHQ-DODIN CP JCC / CCMD Msson Owns Mssons Contan 3 US- CER DISA DCC DNC CONUS (DoDIN ) ----------- Msson (C2+Ops) Bounday (B) MCN D MCN D 1 2 Ods LEGEND Data Shang Data Flow/Rpotng Msson Owns Mssons Contan 3 UNCLASSIFIED 10
Rollng nto th Cloud! UNCLASSIFIED 11
Contact/POC Infomaton Infomaton www.dsa.ml Wbst o Pogam Extnal Lnk http://www.dsa.ml/computng/cloud-svcs/cloud-suppot https://dsa.dps.ml/dsa/og/atb/cloud%20bok/pags/dfault.aspx EMAIL https://dsa.dps.ml/dsa/og/atb/cloud%20bok/pags/contact%20us.aspx kvn.a.walk50.cv@mal.ml PHONE 301-225-5036 UNCLASSIFIED 12
Untd n Svc to Ou Naton UNCLASSIFIED 13