Home / News / Report: DISA Testing Military Systems Against New FedRAMP Security Controls

Report: DISA Testing Military Systems Against New FedRAMP Security Controls

The Defense Information Systems Agency is working with the military to identify mission-critical systems and running pilot tests for the additional Federal Risk and Authorization Management Program Level 3 security requirements, Federal News Radio reported Thursday.

Jason Miller writes the tests are conducted to help the Defense Department‘s risk executive function determine the applicability of the new requirements and the acceptable risk in bringing critical applications to the cloud.

“We are looking at the business case of the additional parameters for controlled unclassified information, because we are very conscientious about where our data resides and how it’s protected,” said Kevin Dulany, risk management oversight chief at DoD’s office of the chief information officer.

Miller reports Levels 3 and 4 have at least 20 added security standards, although agencies are also concerned about a potential new baseline for applications rated beyond the moderate level.

According to FedRAMP Director Maria Roat, agencies rated only 12 percent of their systems as having high security requirements, and they are also having difficulty pinpointing those systems.

However, as the June 5 deadline has passed for agencies to use cloud services that comply with the new FedRAMP low-to-moderate standards, agencies continue to adjust to the new requirements.

With the possibility of new standards for high-rated systems and changes to the continuous monitoring process, FedRAMP is also looking at future changes to the federal cloud service marketplace, writes Miller.

“We are thinking through that, as well as taking feedback from the cloud service providers and really getting industry’s take on what should the program look like two years out and how it’s going to morph,” Roat said.

Check Also

SEC to Address Financial Technology Concerns, Innovations via New Hub

The Securities and Exchange Commission has opened a hub where it can coordinate with public and private sector entities to address concerns and initiate developments in financial technology.

Leave a Reply

Your email address will not be published. Required fields are marked *