Friday, January 4, 2019

DoD Cloud Enclave Design Notes

Goal:  Establish an accredited enclave within a Cloud Service Provider (CSP) Cloud Service Offering (CSO) that has the infrastructure support and security services needed to host applications and/or enable use of cloud services.
Prerequisites:
  • Organization must categorize its data IAW FIPS 199 and NIST SP 800-60 to determine the impact levels for Confidentiality, Integrity, and Availability, and apply NIST SP 800-59 to determine whether the application(s) and/or data constitute a National Security System.
  • CSO must have a DoD Provisional Authorization (PA) at the Impact Level (IL) required by the applications and/or data to be used within the environment/accreditation boundary (impact levels as defined in the DoD Cloud Computing Security Requirements Guide).
Before You Start:
  • Turn on CSO auditing and logging (e.g. AWS CloudTrail) before anything else is built, so the trail also records how the enclave itself was constructed.
  • Identify the roles needed in the environment and the authentication realm(s) to be used for each:
    • AWS Management Console
    • operating systems (if using IaaS)
    • platform or application administrators (if using PaaS, SaaS)
  • Design a backup strategy. Define the retention periods for data, and establish Recovery Time Objective(s) (RTO) and Recovery Point Objective(s) (RPO). Note there may be several levels of RTO and RPO depending on the criticality of the application or data.
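The first "Before You Start" item is easy to get only half right: a trail that exists but logs one region, skips global-service (IAM/STS) events, has no digest files, or is not actually delivering gives little assurance. The following is an added example, not part of these notes or of any AWS tooling, that audits trail records shaped like the output of `aws cloudtrail describe-trails` merged with the `IsLogging` flag from `aws cloudtrail get-trail-status`. The trail names, account number, bucket and key ARNs are constructed for the example; in use, feed it the live API output instead of SAMPLE_TRAILS.

```python
"""Audit CloudTrail trail configuration against an enclave baseline.

Added example (not from the original notes). Field names match the AWS
CloudTrail API (describe-trails / get-trail-status); the data is constructed.
"""
from typing import Dict, List

# Constructed sample: a trail as it often looks after "turning on CloudTrail"
# with defaults, next to a hardened one. Names and ARNs are hypothetical.
# IsLogging is merged in from get-trail-status for convenience.
SAMPLE_TRAILS: List[Dict] = [
    {
        "Name": "default-trail",
        "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/default-trail",
        "HomeRegion": "us-east-1",
        "S3BucketName": "enclave-logs-example",
        "IsMultiRegionTrail": False,
        "IncludeGlobalServiceEvents": False,
        "LogFileValidationEnabled": False,
        # KmsKeyId is simply absent from the API response when unset
        "IsLogging": False,
    },
    {
        "Name": "enclave-trail",
        "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/enclave-trail",
        "HomeRegion": "us-east-1",
        "S3BucketName": "enclave-logs-example",
        "IsMultiRegionTrail": True,
        "IncludeGlobalServiceEvents": True,
        "LogFileValidationEnabled": True,
        "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/00000000-0000-0000-0000-000000000000",
        "IsLogging": True,
    },
]

# Flags that must be true, with the consequence of leaving each one off.
REQUIRED_TRUE = {
    "IsLogging": "trail exists but is not delivering events",
    "IsMultiRegionTrail": "only the home region is logged; activity elsewhere is invisible",
    "IncludeGlobalServiceEvents": "IAM, STS and other global-service calls are not captured",
    "LogFileValidationEnabled": "no digest files, so tampering with delivered logs cannot be detected",
}


def audit_trail(trail: Dict) -> List[str]:
    """Return a list of findings for one trail; an empty list means compliant."""
    findings = []
    for key, consequence in REQUIRED_TRUE.items():
        if not trail.get(key, False):
            findings.append(f"{key} is off: {consequence}")
    if not trail.get("KmsKeyId"):
        findings.append("KmsKeyId unset: log objects rely on bucket default encryption only")
    return findings


def audit_trails(trails: List[Dict]) -> Dict[str, List[str]]:
    """Map each trail name to its findings."""
    return {t["Name"]: audit_trail(t) for t in trails}


def account_has_compliant_trail(trails: List[Dict]) -> bool:
    """True if at least one trail passes every check (the enclave baseline)."""
    return any(not audit_trail(t) for t in trails)


if __name__ == "__main__":
    for name, findings in audit_trails(SAMPLE_TRAILS).items():
        print(f"{name}: {'OK' if not findings else 'FINDINGS'}")
        for finding in findings:
            print("  -", finding)
    print("account baseline met:", account_has_compliant_trail(SAMPLE_TRAILS))
```

Running it on the sample shows "default-trail" failing all five checks and "enclave-trail" passing; the account-level check is deliberately any-trail rather than all-trails, since a leftover regional trail is a cleanup item, not a loss of coverage, as long as one multi-region trail is delivering.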
