An official website of the United States government
Here's how you know
Official websites use .mil
A
.mil
website belongs to an official U.S. Department of Defense organization in the United States.
Secure .mil websites use HTTPS
A
lock (
lock
)
or
https://
means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.
Skip to main content (Press Enter).
Toggle navigation
7th Army Training Command
7th ATC
Search 7th ATC:
Search
Search
Search 7th ATC:
Search
Home
About Us
Mission
Our History
Leadership
Staff
Chaplain
G1
G2
G3
G4
G6
G8
IG
MRA
Public Affairs
Protocol
SJA
SHARP
Directorates and Commands
Combined Arms Training Center
Grafenwoehr Training Area
International Special Training Centre
Joint Multinational Readiness Center
Joint Multinational Simulation Center
Noncommissioned Officer Academy
Training Support Activity Europe
Units
Joint Multinational Training Group-Ukraine
Georgian Defense Readiness Program-Training
HHC
Environment
Competitions
Europe Best Sniper Team
USAREUR-AF International Tank Challenge
USAREUR-AF Best Squad
European Best Medic Competition
Exercises
Allied Spirit
Combined Resolve
Dynamic Front
Rapid Trident
Saber Junction
Media & News
Uebungsbetrieb
Newcomers
A to Z
Contact Us
Home
:
Media & News
:
Video
DVIDSVideoPlayer
Playlist:
Search Results
Video by Dave Pope
Player Embed Code:
<iframe width='500' height='300' scrolling='no' frameborder='0' style='border: none; overflow: hidden; width: 500px; height: 300px;' allowtransparency='true' src='https://www.dvidshub.net/video/embed/834425'></iframe>
Download
Embed
Share
DoD Cloud Computing
Air Force Research Laboratory
March 3, 2022 | 4:56
Welcome!
My name is Kelly Kiernan and I'm here representing the Department of the Air Force Chief Information Security Officer.
This is number 11 in the Blue Cyber Series. It's called “DoD Cloud Computing.”
The place to begin when talking about DoD cloud computing is a look at the DFARS clause 252-239-7010 cloud computing services. This DFARS applies when a cloud solution is being used to process data on the DoD’s behalf or the DoD is contracting with a cloud service provider to host or process data in a cloud. Whatever cloud you choose, this DFARS requires that you ensure:
that the cloud service provider meets all the requirements of the DoD cloud computing security requirements guide,
that they use government related data only to manage the operational environment that supports government data
and that your cloud service provider complies with cyber requirements for incident reporting and damage assessment
At the FEDRAMP website, you will find a list of the DoD approved cloud service providers. You may choose one of those or another cloud service provider but whatever cloud service provider you choose, they will need to comply with the DoD cloud computing security requirements guide, which can be found on the Internet and in the reference section at the end of this presentation.
One of the key features of the cloud environment that you choose will be the impact level for which DoD has approved that cloud service provider. An impact level of two is to handle information with sensitivity of public or non critical mission information and the security controls there are those of FEDRAMP moderate. However, if you're going to be protecting controlled unclassified information, you'll want to choose a cloud service provider with an impact level of four or five.
Another cloud computing concept to tackle is cloud computing as a service.
You can see by this model that there are many different possibilities when it comes to cloud computing as a service and there are different levels of management responsibilities depending upon which one you choose. Regardless of which one you choose, the protection of Department of Defense data and information remains your responsibility.
Enterprise cloud is a multi-cloud and multi-vendor ecosystem with three different cloud offerings. Let's take a look at each one.
The first cloud environment to talk about is the Defense Enterprise Office Solution or DEOS. DEOS is an enterprise commercial cloud environment supporting the DoD strategy to acquire and implement enterprise applications and services for joint use across the Department of Defense.
The second DoD cloud environment to talk about is milCloud 2.0. milCloud 2.0 has many benefits. It is secure: dozens of inherited critical security controls that it has are not available in the commercial cloud; it is easy to use, customers can buy cloud services in as few as 48 hours; and it is affordable as compute, storage, and network cloud services are priced at commercial parity.
The third DoD cloud computing environment to talk about is Cloud One. Cloud One is a multi-hybrid cloud environment with DoD centrally funded hosting that utilizes both Amazon Web Services and Microsoft Azure to host the Air Force’s enterprise general purpose applications. Cloud One provides a plethora of services that will accelerate the accreditation process, ensuring continuous compliance with security controls and facilitate rapid future deployment of capabilities.
The key to security in the cloud environment is continuous monitoring. You can see in this diagram that Cloud One creates the infrastructure layer for the security stack, which includes Platform One and your application.
Thank you for joining me today. My name is Kelley Kiernan and there are more talks like this one on the Blue Cyber Education Series website. That website is hosted on the Department of the Air Force Chief Information Security Officer website. And a reminder that this talk is not a substitute for reading the FAR and DFARS in your small business contract. So long.
More
Tags
#AFSBIR #AFWERX
More
Up Next
2:40
AFWERX INsights - Kittyhawk
5:57
Following the DFARS in Your Small Business Contract.
5:20
Protection of Common Types of Department of Defense Controlled Unclassified Information
4:30
DoD Cybersecurity Incident Reporting
3:47
Fast Track ATO
Now Playing
DoD Cloud Computing
0:37
AFWERX eVTOL AD
2:46
Seeding the Future: General Nano LLC
More Videos