DISA Releases Guide For Buying Commercial Cloud Services

No Category Set!

The Defense Information Systems Agency last week released the first version of a new best practices guide for Defense Department agencies responsible for purchasing commercial cloud services. It is the first major cloud guidance issued by DISA since December when Defense Department Chief Information Officer Terry Halvorsen stripped the agency of its central cloud service provider role.

altFrom the outset, however, DISA makes it clear that the new guidance is not official Defense Department policy. Rather, it is a collection of best practices gained from several DOD cloud pilot projects.

“This Best Practices Guide (BPG) is NOT DoD Policy, DISA Policy, a Security Requirements Guide (SRG), or a Security Technical Implementation Guide (STIG),” the document states. “It is a collection of Best Practices discovered during the DoD CIO Cloud Pilots effort for the benefit of the DOD Community.”

The 23-page guide covers everything from the basics of how cloud service providers employ and define metered compute and bandwidth resources, to more complex topics like Classless Inter-Domain Routing and considerations for deploying SQL Server and Linux operating systems to virtual machines. It also focuses heavily on security, as DISA retained its central authority in the security authorization process for commercial cloud services under the new Defense Department cloud policy.

You can download and read the new guide, Best Practices Guide for DOD Cloud Mission Owners, here.

Join the conversation. Post a comment or email me at dverton@meritalk.com or follow me on Twitter.

Dan Verton
About Dan Verton
MeriTalk Executive Editor Dan Verton is a veteran journalist and winner of the First Place Jesse H. Neal National Business Journalism Award for Best News Reporting -- the highest award in the nation for business/trade journalism. Dan earned a Master's Degree in Journalism and Public Affairs from American University in Washington, D.C., and has spent the last 20 years in the nation's capital reporting on government, enterprise technology, policy and national cybersecurity. He’s also a former intelligence officer in the United States Marine Corps, has authored three books on cybersecurity, and has testified on critical infrastructure protection before both House and Senate committees.
No Comments

    Leave a Reply


    Popular

    Recent