Tech-sector companies need more education on requirements needed to operate within the Department of Defense (DoD), especially for cloud software-as-a-service (SaaS) providers new to the department, a U.S. Army official said this week.
Gregg Judge, deputy director for the Army’s Enterprise Cloud Management Office, explained that cloud SaaS providers usually believe that approval from the Federal government-wide cloud security compliance program – the Federal Risk and Authorization Management Program (FedRAMP) – is enough to operate within the DoD.
However, FedRAMP does not equate to authorization to operate at a specific DoD impact level.
“Companies that have not previously worked with us are often surprised that regardless of their compliance with FedRAMP to operate in our network they need further validation,” Judge said during a July 24 virtual event organized and hosted by GovExec and Salesforce.
Cloud SaaS services often enable organizations to rapidly deploy and more easily maintain applications that can quickly analyze and transport the plethora of data collected on and for the modern battlefield. Cloud SaaS is an essential factor for the Army and the DoD in maintaining the competitive edge needed on the rapidly evolving modern battlefield.
“Cloud SaaS bridges challenges that we at the Army have continuously run into over the years, like incoherency in software versions,” Judge said.
However, educating cloud SaaS providers to understand the requirements necessary to operate within the Army and the DoD has been a primary and ongoing challenge for the department and its military services, Judge said.
The Army, he added, is working to communicate the requirements – in addition to FedRAMP approvals – necessary to operate in its environment.
“Cloud SaaS providers do need FedRAMP approval to work at the DoD. However, FedRAMP compliance is not the end, it’s just the beginning for those wanting to operate inside the Army,” Judge said. “Security controls must still be implemented. They must be tested, validated, and authorized to operate in our Army networks.”