Skip to main content (Press Enter).
U.S. Air Force Logo
News
Photos
Week in Photos
Air Force TV
Commentaries
Features
Art
About Us
DAF Executive Order Implementation
Air Force Senior Leaders
SECAF
CSAF
CMSAF
Biographies
Fact Sheets
50 Years of the CMSAF
Adjunct Professors
Air Force Strategic Documents
Arctic Strategy
Empowered Airmen
Careers
AF Federal Advisory Committees
AF 75th Anniversary
Policy Updates
AF Content Management
Contact Us
AF Sites
Site Registration
Events 2025
COVID Reinstatement
DLE
DAF Entertainment Liaison Office
Secretariat of the Air Force
DAF Chief Information Officer (SAF/CN)
International-Affairs (SAF/IA)
Energy Installations Environment (SAF/IE)
Financial Management (SAF/FM)
Air Force
Freedom 250
Policy Updates
Newsroom
BIOGRAPHIES
AF Senior Leaders
Playlist:
Search Results
FEATURED VIDEOS
Video by Dave Pope
Player Embed Code:
<iframe width='500' height='300' scrolling='no' frameborder='0' style='border: none; overflow: hidden; width: 500px; height: 300px;' allowtransparency='true' src='https://www.dvidshub.net/video/embed/834425'></iframe>
Share
Embed
Download
DoD Cloud Computing
Air Force Research Laboratory
March 11, 2022 | 4:56
Welcome!
My name is Kelly Kiernan and I'm here representing the Department of the Air Force Chief Information Security Officer.
This is number 11 in the Blue Cyber Series. It's called “DoD Cloud Computing.”
The place to begin when talking about DoD cloud computing is a look at the DFARS clause 252-239-7010 cloud computing services. This DFARS applies when a cloud solution is being used to process data on the DoD’s behalf or the DoD is contracting with a cloud service provider to host or process data in a cloud. Whatever cloud you choose, this DFARS requires that you ensure:
that the cloud service provider meets all the requirements of the DoD cloud computing security requirements guide,
that they use government related data only to manage the operational environment that supports government data
and that your cloud service provider complies with cyber requirements for incident reporting and damage assessment
At the FEDRAMP website, you will find a list of the DoD approved cloud service providers. You may choose one of those or another cloud service provider but whatever cloud service provider you choose, they will need to comply with the DoD cloud computing security requirements guide, which can be found on the Internet and in the reference section at the end of this presentation.
One of the key features of the cloud environment that you choose will be the impact level for which DoD has approved that cloud service provider. An impact level of two is to handle information with sensitivity of public or non critical mission information and the security controls there are those of FEDRAMP moderate. However, if you're going to be protecting controlled unclassified information, you'll want to choose a cloud service provider with an impact level of four or five.
Another cloud computing concept to tackle is cloud computing as a service.
You can see by this model that there are many different possibilities when it comes to cloud computing as a service and there are different levels of management responsibilities depending upon which one you choose. Regardless of which one you choose, the protection of Department of Defense data and information remains your responsibility.
Enterprise cloud is a multi-cloud and multi-vendor ecosystem with three different cloud offerings. Let's take a look at each one.
The first cloud environment to talk about is the Defense Enterprise Office Solution or DEOS. DEOS is an enterprise commercial cloud environment supporting the DoD strategy to acquire and implement enterprise applications and services for joint use across the Department of Defense.
The second DoD cloud environment to talk about is milCloud 2.0. milCloud 2.0 has many benefits. It is secure: dozens of inherited critical security controls that it has are not available in the commercial cloud; it is easy to use, customers can buy cloud services in as few as 48 hours; and it is affordable as compute, storage, and network cloud services are priced at commercial parity.
The third DoD cloud computing environment to talk about is Cloud One. Cloud One is a multi-hybrid cloud environment with DoD centrally funded hosting that utilizes both Amazon Web Services and Microsoft Azure to host the Air Force’s enterprise general purpose applications. Cloud One provides a plethora of services that will accelerate the accreditation process, ensuring continuous compliance with security controls and facilitate rapid future deployment of capabilities.
The key to security in the cloud environment is continuous monitoring. You can see in this diagram that Cloud One creates the infrastructure layer for the security stack, which includes Platform One and your application.
Thank you for joining me today. My name is Kelley Kiernan and there are more talks like this one on the Blue Cyber Education Series website. That website is hosted on the Department of the Air Force Chief Information Security Officer website. And a reminder that this talk is not a substitute for reading the FAR and DFARS in your small business contract. So long.
More
Tags
#AFSBIR #AFWERX
More
Up Next
2:40
AFWERX INsights - Kittyhawk
Now Playing
DoD Cloud Computing
3:47
Fast Track ATO
4:30
DoD Cybersecurity Incident Reporting
5:20
Protection of Common Types of Department of Defense Controlled Unclassified Information
5:57
Following the DFARS in Your Small Business Contract.
0:37
AFWERX eVTOL AD
More Videos