“Cloud computing plays a critical role in the Department’s IT modernization efforts. Our key objective is to deliver a cost efficient, secure enough enterprise environment (the security driven by the data) that can readily adapt to the Department’s mission needs…,” said Mr. Terry Halvorsen, DoD Chief Information Officer, in a statement to the House Armed Services Committee, Subcommittee On Emerging Threats & Capabilities in February.
Halvorsen’s remarks serve as an introduction to the Best Practices Guide (BPG) which is targeted toward DoD mission owners who are planning to migrate an existing information system from a physical environment to a virtualized cloud environment.
The BPG is a collection of knowledge and experiences gained from the DoD CIO Cloud Pilots initiative, in particular the Defense Information Systems Agency’s Information Assurance Support Environment (IASE) and U.S. Army’s DoD Environment, Safety and Occupational Health Network and Information Exchange (DENIX).
The BPG is not intended to serve as DoD policy, DISA policy, a Security Requirements Guide (SRG), or a Security Technical Implementation Guide (STIG). It is a collection of best practices discovered during the DoD CIO Cloud Pilots effort for the benefit of the DoD community, according to DISA.
The DoD Cloud Computing Security Requirements Guide is located at http://iase.disa.mil/Cloud_security/Pages/index.aspx. Compliance with the SRG is a requirement for all cloud solutions, including commercial and government provided offerings.
To download the Best Practices Guide for DoD Cloud Mission Owners, go to: http://iasecontent.disa.mil/stigs/pdf/unclass-best_practices_guide_for_dod_cloud_mission_owners_FINAL.pdf .