New DISA Guidance
The Defense Information Systems Agency (DISA) has released three documents pertaining to cloud security. These documents hope to aid the Defense Department in securing the network against attacks. According to a report in C4ISR & Networks, the documents will include two new requirement guides and a new concept of operations. The goal of these documents is to prevent the disruption of cloud service provider-supported DoD missions. In addition, they will aid in creating a perimeter defense and monitoring architecture for applications hosted in commercial cloud environments.
The cloud access point (CAP) functional requirements document (FRD) calls for a line of defense between e Department of Defense Information Network (DoDIN) and Internet-based public cloud service offers. According to the documents, the first DISA-established CAP is a modified NIPRNet federated gateway.
Jack Wilmer, DISA infrastructure development executive, has told C4ISR & Networks, “A CAP being fully scalable and able to support the enterprise, to include the availability of the application protection enterprise-wide, is scheduled to be ready by early 2016.”
The documents also state, “As DoD strives to meet the objectives of the DoD CIO to maximize the use of cloud computing, the DoDIN perimeter must continue to be protected against cyber threats from external connections. The CAP will proactively and reactively prevent attacks against the DoDIN infrastructure, particularly traffic from mission applications that originates in the cloud service environment…there are many information assurance functions that may be implemented as detect and prevent measures to address the different types of external attacks”