Amazon gets provisional operating authorization to sell cloud services to the Defense Department for work involving low-risk unclassified data.

Amazon Web Services won provisional authority to function cloud computing services for the dept of Defense, permitting AWS to deal with unclassified data under the DOD’s Cloud Security Model (CSM).

The authorization reopens the DOD marketplace for the company’s cloud-based computing services, which have been shut out of recent deals since 2012 since the DOD required service providers to have a safety certification. The authorization covers five service offerings: Elastic Compute Cloud, Simple Storage Services, Virtual Private Cloud, Elastic Block Store, and Identity and Access Management.

“There’s a huge demand for the services in DOD,” said Teresa Carlson, AWS vp of globally public sector. US Navy CIO Terry Halvorsen, for example, recently said the Navy intends to go the department’s unclassified, publicly available data to a commercially provided cloud.

AWS is the second one cloud agency to receive the authority to function on the initial low-impact levels. Autonomic Resources received it in 2013 for its Autonomic Resources Cloud Platform.

[FedRAMP provides a minimum cloud security standard for the DoD. Read why Defense CIO Takai Believes Why FedRAMP Helps Everyone.]

The Defense Information Systems Agency (DISA) was named the department’s cloud service broker in 2012 and tasked with developing a cloud security model for DOD unclassified and classified missions during the Secret level. Missions classified above Secret aren’t included within the model.

Acquisition of cloud services by DOD agencies now must suffer the DISA brokerage, and only authorized providers can be utilized. Those agencies already using cloud services before the edict were allowed to continue using them. AWS was permitted to work with existing DOD customers but couldn’t register additional customers until the authorization to function was granted.

The DOD has designated different tiers or impact levels, counting on the kind of information being stored or hosted within the cloud and the aptitude impact of that information being compromised. DOD agencies work with the DISA to ascertain the impact level of the workload being moved to the cloud. Levels 1 and a couple of cover low-risk unclassified data that’s publicly releasable or controlled. Those were the primary levels for which DISA requirements were issued. Requirements for levels 3-5 were released this month. Carlson said AWS is pursuing authorization for the better-impact levels.

The DISA cloud security model recognizes the equivalency of a few government cloud security standards and programs so that you can minimize the effort and time required for certification. These other programs include:

• FedRAMP
• Committee on National Security Systems Instruction (CNSSI) 1253 Controls
• Ongoing Assessment
• DOD Command and Control and Network Operations Integration
• Architectural Integration
• Policy, Guidance, and Operational Constraints

FedRAMP, the Federal Risk and Authorization Management Program, is a central authority program to certify cloud service providers at a baseline level of security under the Federal Information Security Management Act. FedRAMP allows agencies to make use of or build on cloud services which have been FedRAMP certified, in order that each agency doesn’t ought to start from scratch in certifying each computing platform getting used . Both Autonomic and AWS leveraged their FedRAMP certifications and documented the extra 20 controls needed for DOD authorization to accomplish work at impact levels 1 and a couple of.

Amazon’s authorization covers all the company’s infrastructure regions within the continental U.s., including its US East and US West regions, in addition to its GovCloud. Though GovCloud is a dedicated government cloud, some federal customers use the opposite clouds for noncritical workloads.

Find out how a central authority program is putting cloud computing at the fast track to higher security. Also within the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

William Jackson is a technology writer based in Washington, D.C. He have been a journalist for greater than 35 years, most recently covering the $80 billion federal government IT sector for presidency Computer News. His coverage has ranged from architecture to international … View Full Bio

More Insights