If you are an ISV or SaaS solutions provider looking to pursue US DOD and FedRAMP accreditations then please join our webinar discussion on DOD Impact Level 4 ATO and Lessons Learned. You can learn more by registering here

Date: Dec 7, 2022 02:00 PM in Eastern Time (US and Canada)

The U.S. Department of Defense (DoD) has unique information protection requirements that extend beyond those established by the Federal Risk and Authorization Management Program (FedRAMP).

Using the FedRAMP requirements as a foundation, the Defense Information Systems Agency (DISA) developed and maintains the DoD Cloud Computing Security Requirements Guide (CC SRG). The DoD CC SRG defines the standards for categorizing DoD information and information systems and breaks them into 4 Impact Levels (DoD ILs):

• DoD IL 2 – Public or Non-Critical Mission Information
• DoD IL 4 – Controlled Unclassified Information (CUI) or Non-CUI, Non-Critical Mission Information, Non-National Security Systems
• DoD IL 5 – Higher Sensitivity Controlled Unclassified Information (CUI), Mission Critical Information, National Security Systems
• DoD IL 6 – Classified SECRET, National Security Systems

FedRAMP Plus (FedRAMP +) leverages a FedRAMP assessment and adds specific security controls and requirements necessary to meet and assure DoD’s requirements. There are three (3) paths to obtaining a DOD Provisional Authorization (PA) for the CC SRG IL-4 and we will explain each path.

stackArmor, Bluescape, and Schellman will be discussing our most recent PA and the lessons learned.

Key Topics that will be covered:
• The sensitivity of the information to be stored and/or processed in the cloud.
• The potential impact of an event that results in the loss of confidentiality, integrity or availability of that information.
• Shared Responsibility Model
• Cloud security requirements exist for CSPs and DoD Mission Owners
• The DoD PA is not the Authority To Operate (ATO)
• The connection approval process
• Continuous monitoring requirements must be performed before and after authorization based on FedRAMP and DoD requirements
• Enterprise Mission Assurance Support Service (eMASS)



Some Important Links-