Jeffrey Roman writes the DoD Cloud Security Act would task the U.S. comptroller general and the agency’s chief information officer with evaluating the capabilities of the existing cloud system, implementing security requirements based on best practices and exploring commercial hosting for DoD information systems.
“This legislation will allow DoD to take full advantage of the cloud services and best practices from both the government and commercial sector, which will, in turn, decrease costs, increase accessibility and allow for a more secure system overall,” said Tsongas.
Allan Friedman, a research scientist at the George Washington University’s Cyber Security Policy Research Institute, said the legislation could also lead to changes in DoD’s technology procurement process, according to the report.
“Both for public cloud architectures and for private, we do need easy, quick ways of thinking about it from a security perspective as a purchaser,” Friedman explained.