DoD Impact Levels
Cloud security has become increasingly important across the federal government in response to the rising number of cyberattacks such as ransomware, viruses and phishing scams. While cybercrimes continue to escalate, The Defense Information Systems Agency (DISA) recognizes the many benefits of cloud technology solutions and issued the Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG). Cloud service providers (CSP) must comply with the most current DoD security requirements by ensuring that their cloud service offerings (CSO) preserve the confidentiality, integrity and availability of sensitive data.
Carahsoft partners with a wide variety of authorized CSPs to deliver exceptional solutions that ensure network security, information protection and dataflow continuity for government defense agencies. Discover how to meet DoD cybersecurity requirements with cloud deployment and information management services that comply with the DoD CC SRG.
The DoD cybersecurity requirements provide guidance and best practices for CSPs to mitigate risk exposure by implementing access controls that safeguard assets from unauthorized users. This process strengthens our Nation’s IT security posture by ensuring that the government procures certified cloud solutions, which have achieved Authority to Operate (ATO), so your agency can rest assured, knowing its most sensitive data is safe from threats. Are you interested in learning more about how to acquire commercial cloud services listed on the DoD Cloud Service Catalog?
DoD Impact levels measure the degree of data sensitivity and how compromising the confidentiality, integrity, or availability of mission-critical information would affect national security. DoD Impact Levels are classified as:
Find a cloud solution for the DoD Impact Level that suits your mission needs.
Reciprocity between FedRAMP and the DoD Impact Levels allows the DoD to utilize a CSO that has been FedRAMP authorized. The DoD IL2 and FedRAMP Moderate are considered equivalent baselines for the cloud cybersecurity requirements given to CSPs.
DISA has enabled non-critical mission information and public data under DoD IL2 to be hosted on CSOs with FedRAMP Moderate authorization. The contingencies for reciprocity are that the CSO must be FedRAMP authorized, datacenters must be located in the U.S. or its territories and the CSO must maintain their authorization status throughout continuous monitoring.