Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form

Page 1 of 5

Submitted to DISA's DoD Cloud Support Office by: Signature (Prefer CAC Digital) / Date
Received by DISA's DoD Cloud Support Office: Signature (Prefer CAC Digital) / Date

A. Cloud Service Provider (CSP), CSP Sponsor, & CSO Information:

CSP:
DoD CSP Sponsor:
Third-Party Assessment Organization (3PAO) or DoD Approved Assessor:
CSO Title:
Website:
If the sponsor has a Cloud Information Technology Project (C-ITP) projected to use this CSO, please have the sponsor fill out a C-ITP Initial Contact Form and provide the C-ITP title here for reference. Title:

Cloud Service Model:
  IaaS - Infrastructure as a Service
  PaaS - Platform as a Service
  SaaS - Software as a Service

Data Impact Level:
  1 - Not Used
  2 - Non-controlled Unclassified Information
  3 - Not Used
  4 - Controlled Unclassified Information (non-National Security Systems (NSS))
  5 - Controlled Unclassified Information (NSS)
  6 - Classified Information (up to Secret)

Cloud Deployment Model:
  Private Cloud
  Community Cloud
  Public Cloud
  Hybrid Cloud

CSO Description:
Target Cloud Access Point(s) (CAP(s)): DISA CAP / Navy CAP
Target Date of Operation:
Target Date of Connection:

Use this form to make initial contact with the DISA Cloud Support Office regarding a request for assessment, registration, and/or connection to the DISA CAP for a cloud service offering. Please email this completed form to disa.meade.re.mbx.disa-commercial-cloud@mail.mil

Form Release Date 14 August 2016

Page 2 of 5

A. Cloud Service Provider (CSP), CSP Sponsor, & CSO Information: (Continued)

Physical Location(s) of the CSP-CSO Environment:
  A - CONUS
  B - Europe
  C - Pacific
  D - Southwest Asia
  E - Other (and)

Location of the Users for this CSO:
  1 - NIPRNet Only
  2 - NIPRNet and Internet
  3 - Internet Only
  4 - Other

B. Federal Risk and Authorization Management Program (FedRAMP) Assessment Status:

FedRAMP Package:
Package ID:
Authorizing Agency:
Authorization Date:
Authorization Expiration Date:
Type of FedRAMP Authorization:
  Joint Authorization Board (JAB) Authority to Operate (ATO)
  United States (US) Government Agency ATO
Status of FedRAMP Authorization:
  Not Submitted
  Submitted (Not Complete)
  Completed
Status Narrative (Has a System Security Plan (SSP) been written, has an assessor been engaged, when would the CSP submit the DoD SSP Addendum to initiate the assessment, etc.):

1. Does the CSP request that DISA perform the FedRAMP+ assessment of the CSO?
   If NO, identify the DoD Organization that will perform the FedRAMP+ assessment in collaboration with DISA:

Page 3 of 5

C. Information Used to Assess Mission Priority:

1. Does this effort directly support a high profile DoD Mission as recognized by a DoD CIO or J6? If so, please provide POC information:
   DoD CIO or J6 POC:
2. Does this effort directly support a DoD contract? If so, please provide Contract & Contract POC information:
   Contract Name or Number:
   Contract POC:
3. Is this CSP-CSO in use by an existing DoD IT Project and is migrating to a multi-tenant or public cloud deployment? If so, please provide IT Project POC information:
   Name of IT Project currently using CSP-CSO:
   IT Project POC:
   Name of 2nd IT Project in New Deployment:
   2nd IT Project POC:

Page 4 of 5

D. Information Used for Initial Technical Planning:

These questions are only for connection to the DISA CAP. Please fill in as much information as possible. This information will be used to assess the CSO maturity for setting priorities.

1. Is there an existing physical or logical communications path between the CSP enclave and the DISN? If so, what is the existing Command Communications Service Designator (CCSD)?
   CCSD:
2. Is a new Physical or Logical Circuit (L3VPN, IPSec, etc.) required between the CSP and the CAP/MeetMe Point?
3. What is the CAP Connection Type required?
4. Provide the Diversity requirement (network redundancy type requirement).
5. Provide the estimated bandwidth requirement.
6. Provide the required number of estimated concurrent users.
7. Provide additional performance requirements (latency maximums, packet loss, jitter, etc.).
8. What applications / services / protocols / ports are within the CSO? (i.e. Mail, DNS, Web Browsing, Voice, Chat, Video, etc.)
9. Provide application profile names applicable to the CSO using the descriptions from the Palo Alto Networks website (https://applipedia.paloaltonetworks.com).
10. What is the IP space utilized by the CSO?
11. Provide reference identification numbers for these databases when available.
    PPSM:
    SNAP:
12. Provide Network / enclave / System Topology Diagrams with this form (if available).

Page 5 of 5

E. Information Used for Initial Security Assessment Planning:

Please fill in as much information as possible. This information will be used to assess the CSO maturity for setting priority.

1. Does the CSO plan to support information subject to privacy protection?
2. Does all customer data remain under US jurisdiction while stored or processed?
3. Will there be only DoD and Federal Government tenants (customers) on the CSO and underlying infrastructure?
4. Is there strong virtual separation among the tenants / missions for both data storage and processing, having the ability to meet search and seizure requests for non-DoD information and data without release of DoD information and data?
5. If the CSO is responsible for authentication of entities and/or identifying a hosted DoD information system, can the CSO integrate with the DoD PKI in accordance with DoDI 8520.03?
6. Do the data processing facilities meet the requirements defined in the FedRAMP Moderate baseline and FedRAMP+ C/CEs related to physical security?
7. Does the CSP establish personnel position sensitivity risk determinations based on OPM guidance and the Position Sensitivity Tool?
8. Can DoD data at rest be encrypted with FIPS 140-2 validated cryptography?
9. Does only the customer have full control of generation, management, use, and destruction of the crypto keys?
10. Will the CSO force all DoD traffic to and from the CSP infrastructure through a DoD cloud access point (CAP)?
11. For off-premises infrastructure, does the architecture include connecting via one or more boundary CAPs (BCAPs)?
12. For SaaS offerings, does the CSO implement defense-in-depth measures?
13. Does the CSP have an incident response plan (or addendum) meeting the DoD requirements?
14. Will the CSP report all incidents via the on-line Defense Industrial Base (DIB) Cyber Incident Collection Form?
15. Do appropriate personnel have, or are they willing to secure, either a DoD PKI certificate or a DoD-approved medium assurance External Certificate Authority (ECA) certificate for secure communications with DoD entities regarding C2 or CND functions?
16. Will the CSP receive, act upon, and report compliance with CND Tier II directives and notifications?
17. Is the CSP already a member of the DIB Cyber Security / Information Assurance Program, or willing to become one?