Cloud ComputingSSSC delivers design, migration and sustainment services for any Department of Defense (DoD) application ranging from stand-alone applications up to and including enterprise systems. SSSC is well versed in DoD cloud requirements and is able to take an application migration plan from inception to Authority to Operate (ATO).
|
|
Design Guidelines - Federal Requirements
Cloud computing technology and services provide the DoD with the opportunity to deploy a commercial cloud environment aligned with Federal Department-wide Information Technology (IT) strategies and efficiency initiatives, including federal data center consolidation. Cloud computing enables the DoD to consolidate infrastructure, leverage commodity IT functions, and eliminate functional redundancies while improving continuity of operations (COOP). Consistent implementation and operation of these requirements assures mission execution, provides sensitive data protection, increases mission effectiveness, and ultimately results in the outcomes and operational efficiencies the DoD seeks.
SSSC complies with the DoD Cloud Computing Security Requirements Guide (SRG) developed by the Defense Information Systems Agency (DISA) which provides guidance for the regulatory requirements needed to migrate a DoD application into a commercial cloud environment.
SSSC is part of the AF migration team, moving current AF applications into an approved commercial cloud environment designed, built and sustained by SSSC cloud architects. SSSC abides by the cloud service provider's (CSP's) Best Practices guides including those written specifically for Architecting and Security.
SSSC complies with the DoD Cloud Computing Security Requirements Guide (SRG) developed by the Defense Information Systems Agency (DISA) which provides guidance for the regulatory requirements needed to migrate a DoD application into a commercial cloud environment.
SSSC is part of the AF migration team, moving current AF applications into an approved commercial cloud environment designed, built and sustained by SSSC cloud architects. SSSC abides by the cloud service provider's (CSP's) Best Practices guides including those written specifically for Architecting and Security.
Architecture and Design
SSSC AWS Certified Solution cloud architects have successfully completed certification program training and all adhere to cloud design best practices for security, functionality and cost optimization.
SSSC can provide website hosting, a hybrid extension of an existing network, or complete migration services for existing enterprise applications into a secure, DoD approved environment.
SSSC can provide website hosting, a hybrid extension of an existing network, or complete migration services for existing enterprise applications into a secure, DoD approved environment.
DoD Data Impact Levels
Cloud security information impact levels are defined by the combination of the sensitivity level of the information to be stored and processed in the cloud environment and the potential impact that results in the loss of confidentiality, integrity or availability of the data, systems or networks.
The published Cloud Security Model defines four information Impact Levels (IL); IL2 includes all data cleared for public release, as well as some DoD private unclassified information not designated as Controlled Unclassified Information (CUI). IL4 accommodates CUI, Personally Identifiable Information (PII), or other mission critical data which refers to unclassified information that, under law or policy, requires protection from unauthorized disclosure. IL5 covers CUI deemed by law, other government regulations, or the agency to need a higher level of protection than IL4 provides. IL5 also covers unclassified National Security Systems. IL6 covers classified national security information, classified as secret. The figure on the right shows the DoD Impact Levels as described.
The published Cloud Security Model defines four information Impact Levels (IL); IL2 includes all data cleared for public release, as well as some DoD private unclassified information not designated as Controlled Unclassified Information (CUI). IL4 accommodates CUI, Personally Identifiable Information (PII), or other mission critical data which refers to unclassified information that, under law or policy, requires protection from unauthorized disclosure. IL5 covers CUI deemed by law, other government regulations, or the agency to need a higher level of protection than IL4 provides. IL5 also covers unclassified National Security Systems. IL6 covers classified national security information, classified as secret. The figure on the right shows the DoD Impact Levels as described.
click on image to see it larger
Cloud Security
The CSP is responsible for security OF the cloud, including such things as the physical security, network infrastructure and specific managed services, while the mission owner of the application is responsible for security IN the cloud such as the operating systems of the specific virtual machines, data encryption and access control. SSSC designs environments with the shared cloud security model shown above. SSSC provides security IN the cloud for the mission owner under sustainment services.
|
SSSC builds Defense Information Systems Agency (DISA) approved secure environments. SSSC instances launched into a DoD cloud environment are hardened to meet DISA security to better than 90% compliance using the available DISA Security Technical Implementation Guides (STIGs). STIG guidance ensures that virtual machines (VMs) are locked down to meet DoD environment security requirements. STIG settings are applied to the operating system and support software as needed, thereby allowing the application to run correctly and to be compliant with DoD security.
Additionally, SSSC has developed a security-specific Virtual Private Cloud (VPC) holding security systems that are required to meet DoD IL4 and IL5 compliance. The SSSC security VPC operates DISA machine images of both the Assured Compliance Assessment Solution (ACAS) system and a Host Based Security System (HBSS) for application to all DoD environments, particularly IL4 and higher DoD networks. ACAS and HBSS are kept up to date with DISA guidance by our in-house, DoD certified ACAS Subject Matter Experts (SME). ACAS scan outputs are made available for review to the customer's security team. Security using the DoD Common Access Card (CAC) is also implemented and available for use by mission owners. The added security of CAC card authentication and authorization can be used to limit cloud access to authorized personnel. Account access is available either via a secure shell (SSH) client or through a web portal. |
Sustainment
|
SSSC System Administrators have substantial experience in the sustainment of a cloud environment. From applying patches, updates and STIG controls to backup and disaster recovery, SSSC will work with the mission owner to ensure the environment functions as designed and is recoverable from an unexpected catastrophic failure.
For mission owners (MOs) currently managing everything in on-premise datacenters, the migration of an application to the cloud and subsequent sustainment by SSSC can free staff to concentrate on core mission functions, while SSSC manages the environment. Mission owners are able to pick the level of sustainment they require and assign SSSC experts to keep the systems running and secure. SSSC sustainment can be provided at different service levels, based on user requirements, including Infrastructure as a Service (IaaS) (SSSC manages some of the environment), Platform as a Service (PaaS) (SSSC manages most of the environment), or Software as a Service (SaaS) (SSSC manages all of the environment). Customized sustainment packages are also available. |
click on image to see it larger
|
