DISA still plans commercial cloud for DOD

DISA is helping the Defense Department formalize processes for future commercial cloud service acquisitions, and will leverage a series of pilot programs between various defense agencies and cloud service providers as both take initial steps to harnessing commercial cloud computing services within the department, according to FCW.

This effort is being done despite DISA’s abandoning of a planned $450 million contract for commercial data storage, web hosting and other cloud services, Federal Times reported. Their strategy has not changed, but the agency is ensuring that it has clear requirements for contractors.

DISA wants to make sure that there is a sufficient customer base for any potential contract, as well as an adequate supply of vendors who meet government-wide cloud security standards, and thus it is pursuing this commercial cloud pilot program.

The plan works like this: if a defense agency or group wants to execute a cloud service pilot with controlled unclassified information, it will coordinate its plans with DISA, the cloud broker, FCW quoted a DISA spokesperson as saying; then, once the pilot is underway, the group will meet with DISA regularly to assess the pilot’s effectiveness.

This controlled unclassified information is information at Defense Department Impact Levels 1 and 2; pilot services for Impact Levels 3-5 are in draft format, and will provide DISA with data for the Cloud Security Model pilot. Assessments from several pilots will result in a comprehensive Cloud Security Model, FCW quoted a DISA official as saying.

The Cloud Security Model will be used for future cloud service acquisitions.

Pilots can be sponsored by any Defense Department organization, and there is not a fixed duration for the pilot period. The Cloud Broker Program Management Office, with support from the DISA Mission Assurance Executive team, oversees the pilot, FCW reported.

The pilot planning phase began in the middle of December 2013, and additional pilots can be added as Defense Department associations seek commercial cloud solutions. This process includes identification of pilot objectives, coordination of the acquisition package, cybersecurity assessment of the implementation and situational awareness and monitoring of pilot execution, FCW reported.