If you are an ISV or SaaS solutions provider looking to pursue US DOD and FedRAMP accreditations then please join our webinar discussion on DOD Impact Level 4 ATO and Lessons Learned
The U.S. Department of Defense (DoD) has unique information protection requirements that extend beyond those established by the Federal Risk and Authorization Management Program (FedRAMP).
Using the FedRAMP requirements as a foundation, the Defense Information Systems Agency (DISA) developed and maintains the DoD Cloud Computing Security Requirements Guide (CC SRG). The DoD CC SRG defines the standards for categorizing DoD information and information systems and breaks them into 4 Impact Levels (DoD ILs):
• DoD IL 2 – Public or Non-Critical Mission Information
• DoD IL 4 – Controlled Unclassified Information (CUI) or Non-CUI, Non-Critical Mission Information, Non-National Security Systems
• DoD IL 5 – Higher Sensitivity Controlled Unclassified Information (CUI), Mission Critical Information, National Security Systems
• DoD IL 6 – Classified SECRET, National Security Systems