Department of Defense (DoD) Impact Level 4 (IL4)

Article, 04/05/2023


DoD IL4 overview

The Defense Information Systems Agency (DISA) is an agency of the US Department of Defense (DoD) that is responsible for developing and maintaining the DoD Cloud Computing Security Requirements Guide (SRG). The Cloud Computing SRG defines the baseline security requirements used by DoD to assess the security posture of a cloud service offering (CSO), supporting the decision to grant a DoD provisional authorization (PA) that allows a cloud service provider (CSP) to host DoD missions. It incorporates, supersedes, and rescinds the previously published DoD Cloud Security Model (CSM), and maps to the DoD Risk Management Framework (RMF).

DISA guides DoD agencies and departments in planning and authorizing the use of a CSO. It also evaluates CSOs for compliance with the SRG — an authorization process whereby CSPs can furnish documentation outlining their compliance with DoD standards. It issues DoD provisional authorizations (PAs) when appropriate, so DoD agencies and supporting organizations can use cloud services without having to go through a full approval process on their own, saving time and effort.

According to Section 3.1.2 (Page 18) of the Cloud Computing SRG, IL4 information covers controlled unclassified information (CUI), non-CUI information, non-critical mission information, and non-national security systems. The CUI Registry provides the specific categories of information that are under protection by the Executive branch. For example, more than 20 category groupings are included in the CUI category list, such as:

  • Critical infrastructure (for example, Critical Energy Infrastructure Information)
  • Defense (for example, Naval Nuclear Propulsion Information, Unclassified Controlled Nuclear Information – Defense)
  • Export Control (for example, Export Administration Regulations (EAR) restrictions for items on the Commerce Control List, or International Traffic in Arms Regulations (ITAR) restrictions for items on the US Munitions List)
  • Financial (for example, bank secrecy, budget, and so on)
  • Intelligence (for example, Foreign Intelligence Surveillance Act)
  • Law enforcement (for example, criminal history records, accident investigation, and so on)
  • Nuclear (for example, Unclassified Controlled Nuclear Information – Energy)
  • Privacy (for example, military personnel records, health information, and so on)
  • And more

IL4 accommodates CUI categorizations based on the Committee on National Security Systems Instruction No. 1253 (CNSSI 1253) Security Categorization and Control Selection for National Security Systems up to moderate confidentiality and moderate integrity (M-M-x). The National Institute of Standards and Technology (NIST) SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations is intended for use by federal agencies in contracts or other agreements established with non-federal organizations.

The 15 December 2014 DoD CIO memo regarding Updated Guidance on the Acquisition and Use of Commercial Cloud Computing Services states that “FedRAMP will serve as the minimum security baseline for all DoD cloud services.” The SRG uses the FedRAMP Moderate baseline at all information impact levels (IL) and considers the High Baseline at some.

Section 5.1.1 DoD Use of FedRAMP Security Controls (Page 37) of the Cloud Computing SRG states that a FedRAMP High provisional authorization will be accepted for a DoD IL4 PA without an assessment of extra controls and control enhancements (C/CE); however, assessment of non-C/CE based requirements in the Cloud Computing SRG is needed.

Section 5.6.2 CSP Personnel Requirements (Page 76) additionally restricts CSP personnel having access to IL4 and IL5 data to US citizens, US nationals, or US persons. No foreign persons may have such access.

Azure and DoD IL4

Microsoft maintains the following authorizations for Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia:

  • FedRAMP High provisional authorization to operate (P-ATO) issued by the FedRAMP Joint Authorization Board (JAB)
  • DoD IL2 PA
  • DoD IL4 PA
  • DoD IL5 PA

For extra customer assistance, Microsoft provides the Azure Policy regulatory compliance built-in initiative for Azure Government, which maps to DoD IL4 compliance domains and controls:

Regulatory compliance in Azure Policy provides built-in initiative definitions to view a list of controls and compliance domains based on responsibility – customer, Microsoft, or shared. For Microsoft-responsible controls, we provide extra audit result details based on third-party attestations and our control implementation details to achieve that compliance. Each DoD IL4 control is associated with one or more Azure Policy definitions. These policies may help you assess compliance with the control; however, compliance in Azure Policy is only a partial view of your overall compliance status. Azure Policy helps to enforce organizational standards and assess compliance at scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to more granular status.

For more information about Azure support for NIST SP 800-171, see Azure NIST SP 800-171 documentation.

Applicability

Services in scope

For a list of Azure Government cloud services in DoD IL4 PA scope, see Cloud services in audit scope.

Service availability varies across Azure Government regions. For an up-to-date list of service availability, see Products available by region.

Attestation documents

For access to Azure Government FedRAMP documentation, see FedRAMP attestation documents.

Contact DISA for access to the most recent Azure Government DoD IL4 PA letter.

Frequently asked questions

What Azure services are covered by the DoD IL4 PA, and in what regions?
To find out what services are available in Azure Government, see Products available by region. For a list of services provisionally authorized at DoD IL4, see Cloud services in audit scope.

Resources