Cloud Computing for the Government Sector

Department of Defense (DoD) organizations often process sensitive data that cannot be entrusted to 3rd party organizations without precautions and protections. The Defense Information Systems Agency (DISA) is in the process of defining these protections and the process that ensures their implementation. Our research explores the gap between the existing state of cloud computing and DoD cloud provider requirements by consolidating the DISA draft requirements, which draw from some dozen other documents and government standards. This report’s intended audience includes cloud providers interested in providing service to DoD organizations, the DoD organizations that intend to use cloud services, the auditing entities that will ensure compliance with DISA requirements, and any vendor or organization interested in supporting the deployment of cloud services within the DoD.