by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : April 30, 2014
April 30, 2014 FCW.COM 25 Although DISA has mandated that CSPs must be assessed against complex NIST-based controls as impact levels increase, milCloud has not been evaluat- ed against those controls. Instead, it was assessed against the DOD Information Assurance Certi cation and Accredita- tion Process (DIACAP). In mid-March, Mihelcic told FCW that FedRAMP alone would not adequately address DOD s needs and that milCloud did not undergo FedRAMP accredita- tion. He explained that milCloud was measured against DIACAP --- DOD s long-established information assur- ance certi cation requirements. DIA- CAP is one of the standards from which FedRAMP requirements are derived. Days later, news emerged that DOD CIO Teri Takai had written a memo declaring that DOD had adopted NIST s risk-based security approach rather than DIACAP for all IT endeavors. In a follow-up interview, Mihelcic said, "DOD is planning to assess milCloud utilizing FedRAMP controls coupled with the impact-level criteria de ned in DOD s Cloud Security Model. This approach supports the department s use of the Risk Management Frame- work for continuous monitoring and ongoing authorization." A recent draft memo written by Takai and obtained by FCW called for the suspension of cloud services that do not have a DOD provisional authoriza- tion. DISA of cials did not respond to a follow-up question asking whether mil- Cloud s operations would be suspended. FCW spoke with executives from numerous cloud vendors about com- peting with DISA s cloud services plat- form. None would speak on the record for fear of damaging relationships with the agency that must assess their cloud solutions, but most of their comments called for fairness. "We hope DISA creates a level playing eld for cloud security, features, service and price," said one high-level executive at a CSP that is in the process of achieving an authority to operate from DOD. "DOD needs to embrace the cloud, and anybody that meets all the criteria should be allowed to participate. If cloud is being done to create choices for DOD to increase security posture and get utility-based pricing, I m all for competition. We just want a fair shake." An executive at another well-known CSP, however, called milCloud "a bas- tardization of DISA data centers" that imitates cloud but "will never be cloud." MilCloud appears to meet a large por- tion of NIST s de nition of cloud com- puting, but many industry leaders ques- tion whether it is actually a cloud. "Why doesn t DISA just leverage what industry already has?" the executive said. "If you re building all these impact levels and you expect more than one provider to get to Level 5, why do you need to build your own?" Mihelcic told FCW that milCloud gives DOD s component agencies the option to use cloud services for sensi- tive or classi ed information. He also said no cloud service providers have come forward to be assessed against DOD Impact Levels 3-5, though those standards only recently came out of draft status. "The real issue isn t that we re com- peting with commercial industry, it is how DOD is going to acquire and imple- ment computing services, in this place, to meet sensitive but unclassi ed infor- mation at Impact Levels 3-5 and Level 6 [for] classi ed information," Mihelcic said. "Part of the goal is to ensure that our customers --- DOD program man- agers and operators --- truly desire this cloud capacity. The reality is if we can make it simple for DOD users to transi- tion to the cloud, there are bene ts to the entire cloud industry moving for- ward. If we make the burden of cloud adoption go down, there is room in this space for lots of different players in lots of different technologies." Critics have also called into question DISA s sole-source contract award in March 2013 to Jackpine Technologies. According to DISA of cials, the $1 mil- lion engineering services contract is for one year with two one-year options and continues the work the company began several years ago when DISA started down the road to infrastructure as a service. A subsequent special notice from DISA for non-competitive contract action with Jackpine, published in March, stated that the company has developed approximately 85,000 lines of code for milCloud. "Jackpine Technologies is [principal] architect and developer and owner of the milCloud CONS3RT software solu- tion and is the only contractor who understands the code and can effi- ciently modify it," the notice states. "We hope DISA creates a level playing eld We just want a fair shake. "
April 15, 2014
May 15, 2014