Cloud Computing Concerns of the U.S. Government by Michael Erbschloe - HTML preview


Appendix C Roles and Responsibilities

Table 7 provides a summary of the major roles and responsibilities in implementation of the Cloud Computing SRG.

Table 7 - Roles and Responsibilities

Role

Responsibility

DISA

  • Provide Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs) for DoD cloud computing
  • Assess CSP service offerings and 3PAO results for consideration in awarding a DoD Provisional Authorization (PA)
  • Issue DoD Provisional Authorizations
  • Develop and maintain a DoD Cloud Access Point (CAP)
  • Provide DoDIN Computer Network Defense (CND) capabilities and maintain a CND concept of operations (CONOPS)
  • Provide technical support for the DoD CIO's role on the FedRAMP Joint Authorization Board
  • Provide a catalog of DoD cloud services
  • Maintain a registry of DoD Components using commercial cloud services
  • Support the DoDIN Waiver Process
  • Receive CSPs' continuous monitoring products and pass them to the appropriate entities within DoD
  • Serve as the DoD CNDSP certifier

Cloud Service Provider (CSP)

  • Commercial vendor or Federal organization offering or providing cloud services (includes DoD CSPs)
  • Provides cloud service offerings for mission use
  • Provides CNDSP services (all tiers) for its own infrastructure and service offerings

Cloud Access Point (CAP)

  • Provided by DISA or other DoD Component
  • Protect DoD missions from vulnerabilities or risk that may affect operations in a CSP environment
  • Provide perimeter defenses and sensing for applications hosted in the commercial cloud service

DoD Chief Information Officer (DoD CIO)

  • Official approving authority for all CAPs

FedRAMP Joint Authorization Board (JAB)

  • Reviews CSP security assessment packages under the FedRAMP program
  • Grants FedRAMP Provisional Authorizations

Third Party Assessment Organizations (3PAO)

  • Independently performs security assessments of a CSP's cloud offering and creates security assessment package artifacts in accordance with FedRAMP requirements
  • May perform continuous monitoring of CSP systems
  • Independently assesses a CSP's compliance with DoD FedRAMP+ security controls and other requirements

DISA Authorizing Official (AO)

  • Official approving PA for a CSP’s Service Offerings for DoD use

DISA CND Functions

  • Perform cross-CAP correlation and analysis of event data
  • Direct C2 actions regarding DoDIN-wide incident and system health reporting involving a CAP or CSP
  • For DoDIN-wide incidents, establish and maintain external communications with the CSP and ensure internal DoD communications are established between all entities, including the MCND and BCND
  • Interface with US-CERT to obtain relevant CSP information and ensure cross-sharing of that information across all BCND/MCND entities

DoD Component Authorizing Official (AO)

  • Official approving ATOs for Mission Owner’s systems/applications
  • Reviews PA documentation to understand residual risk

Mission Owner
(CSP's DoD Cloud Customer / DoD Cloud Consumer)

  • DoD entity that acquires cloud services in support of its mission
  • Performs assessment to issue ATO for their mission systems/applications
  • Ensures Tier 2 Mission Computer Network Defense (MCND) Service Provider is identified and funded
  • Serves as CND Tier 3 for their mission systems/applications
  • Ensures CSP requirements for CND and other SRG requirements are included in any cloud contracts

Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT)

  • Receives incident reports from CSPs as mandated by FedRAMP
  • Responsible for incident coordination across non-DoD agencies

Computer Network Defense Service Provider (CNDSP)

  • Provides Computer Network Defense (CND) services and Command and Control (C2) direction addressing the protection of the network, detection of threats, and response to incidents.

United States Cyber Command (USCYBERCOM) / JFHQ-DODIN

  • DoD Tier 1 CNDSP
  • Notify and Coordinate as appropriate with US-CERT, Intelligence Community, Law Enforcement, and other Federal Agencies
  • Provides Computer Network Defense (CND) services and Command and Control (C2) direction for the entire DoDIN and all DoD information systems

Boundary CND (BCND)

  • DoD Tier 2 CNDSP
  • Monitors and defends the connections to/from off-premises CSPs at the Cloud Access Point (CAP)
  • Provides cross-CSP analysis capabilities
  • Communicates with CND Tier 1 and Tier 2 entities

Mission CND (MCND)

  • DoD Tier 2 CNDSP
  • Provides CND / C2 services to specific Mission Owner’s systems/applications and virtual networks
  • Serves as the DoD CND / C2 point of contact for the CSP
  • Communicates with CND Tier 2 and Tier 3 entities
