Cloud computing security requirements for the US Department of Defense for Impact Level 2, Impact Level 4, and Impact Level 5
The U.S. Department of Defense (DoD) has unique information protection requirements that extend beyond the common set of requirements established by the Federal Risk and Authorization Management Program (FedRAMP) program. Using FedRAMP requirements as a foundation, the U.S. DoD specifically has defined additional cloud computing security and compliance requirements in their DoD Cloud Computing Security Requirements Guide (SRG). Cloud Service Providers (CSPs) supporting U.S. DoD customers are required to comply with these requirements.
Skyhigh Security has been granted a DoD Impact Level 2 (IL2) Provisional Authorization (PA) from Defense Information Systems Agency (DISA) leveraging Skyhigh Security's FedRAMP Moderate ATO. DoD IL2 is for non-Controlled Unclassified Information (non-CUI), which includes all data cleared for public release, as well as some DoD private unclassified information not designated as CUI or critical mission data that requires some minimal level of access control.
Skyhigh Security is actively pursuing DoD Impact Level 4 and DoD Impact Level 5 with multiple customers.
DoD IL4 is for Controlled Unclassified Information(CUI) which includes protection of data from unauthorized disclosure established by Executive Order 13556( Nov 2010); Education, Training, PII, PHI, SSN, Credit Card Information, Export Controls, FOUO and Law Enforcement Sensitive material and email.
DoD IL5 is Controlled Unclassified Information(CUI) and National Security Systems(NSS) which is the highest unclassified information level of protection.