共用方式為


Department of Defense (DoD) Impact Level 6 (IL6)

DoD IL6 overview

The Defense Information Systems Agency (DISA) is an agency of the US Department of Defense (DoD) that's responsible for developing and maintaining the DoD Cloud Computing Security Requirements Guide (SRG). The Cloud Computing SRG defines the baseline security requirements used by DoD to assess the security posture of a cloud service offering (CSO), supporting the decision to grant a DoD Provisional Authorization (PA) that allows a cloud service provider (CSP) to host DoD missions. It incorporates, supersedes, and rescinds the previously published DoD Cloud Security Model (CSM), and maps to the DoD Risk Management Framework (RMF).

DISA guides DoD agencies and departments in planning and authorizing the use of a CSO. It also evaluates CSOs for compliance with the SRG — an authorization process whereby CSPs can furnish documentation outlining their compliance with DoD standards. It issues DoD provisional authorizations (PAs) when appropriate, so DoD agencies and supporting organizations can use cloud services without having to go through a full approval process on their own, saving time and effort.

IL6 is reserved for the storage and processing of information classified up to the SECRET level. For a cloud deployment, information that must be processed and stored at IL6 can only be processed in a DoD private/community or Federal government community cloud. Because of the requirement that the entire CSO infrastructure be dedicated and separate from other CSP/CSO infrastructures, IL6 CSOs may only be provided by CSPs under contract to the DoD or a federal agency. IL6 accommodates classified information categorizations up to moderate confidentiality and moderate integrity (M-M-x). Classification does not dictate a high confidentiality and high integrity (H-H-x) information categorization.

The Committee on National Security Systems Instruction No. 1253 (CNSSI 1253), Security Categorization and Control Selection for National Security Systems, provides all federal government departments, agencies, bureaus, and offices with a guidance for security categorization of National Security Systems (NSS) that collect, generate, process, store, display, transmit, or receive National Security Information. The National Institute of Standards and Technology (NIST) Special Publication SP 800-59 Guideline for Identifying an Information System as a National Security System provides NSS definitions.

CNSSI 1253 builds on the NIST SP 800-53, which provides the FedRAMP control baselines. However, there are some key differences between CNSSI 1253 and NIST SP 800-53, including the approach adopted by CNSSI 1253 to define explicitly the associations of Confidentiality, Integrity, and Availability to security controls, and to refine the use of security control overlays for the national security community. NSS are categorized using separate Low, Medium, and High categorization for each of the security objectives (Confidentiality, Integrity, and Availability). This approach results in categorizations such as “Moderate-Moderate-Low”, “Moderate-Moderate-High”, and so on. CNSSI 1253 then provides the appropriate security baselines for each of the possible system categorizations using controls from NIST SP 800-53.

The 15 December 2014 DoD CIO memo regarding Updated Guidance on the Acquisition and Use of Commercial Cloud Computing Services states that “FedRAMP will serve as the minimum security baseline for all DoD cloud services.” The Cloud Computing SRG uses the FedRAMP Moderate baseline at all information impact levels (IL) and considers the High baseline at some.

Section 5.1.1 DoD use of FedRAMP Security Controls (Page 37) of the Cloud Computing SRG states that a FedRAMP High provisional authorization, supplemented with DoD FedRAMP+ controls and control enhancements (C/CEs) and requirements in the SRG, are used to assess CSOs toward awarding a DoD IL6 PA. Most IL5 FedRAMP+ C/CEs are also applicable at IL6 in addition to a classified overlay. No matter what C/CE baseline is used as the basis for a FedRAMP High provisional authorization, extra considerations and/or requirements will need to be assessed and approved before a DoD IL6 PA can be awarded. Moreover, according to Section 5.2.2.4 Impact Level 6 Location and Separation Requirements (Page 55), the following requirements (among others) must be in place for an IL6 PA:

  • IL6 information up to the SECRET level must be stored and processed in a dedicated cloud infrastructure located in facilities approved for the processing of classified information, rated at or above the highest level of classification of the information being stored and/or processed.
  • IL6 cloud infrastructure is considered to be a Secret Internet Protocol Router Network (SIPRNet) enclave, and as such will be a closed self-contained environment for the cloud service offering (CSO) processing, storage, and management planes connected only to SIPRNet.
  • Virtual/logical separation between DoD and federal government tenants/SECRET missions is sufficient.
  • Virtual/logical separation between tenant/mission systems is minimally required.
  • Physical separation from non-DoD/non-federal government tenants (for example, public, local/state government tenants) is required.

Section 5.6.2 CSP Personnel Requirements (Page 76) imposes extra US citizenship restrictions on CSP personnel with access to IL6 data.

Azure and DoD IL6

Azure Government Secret maintains an Impact Level 6 (IL6) DoD provisional authorization (PA) at the high confidentiality, high integrity, and customer-determined availability (H-H-x) information categorization. It provides a direct connection to the DoD Secret Internet Protocol Router Network (SIPRNet) and is operated by cleared US citizens.

Note

Azure Government Secret is the first and only classified cloud service offering (CSO) to have received the highest possible DoD Impact Level 6 (IL6) provisional authorization (PA) at the high confidentiality and high integrity (H-H-x) information categorization.

Developed using the same principles and architecture as Azure Commercial, Azure Government Secret enables fast access to sensitive, mission-critical information while maintaining the security and integrity of classified workloads. It's available from three accredited regions located over 500 miles apart to support demanding business continuity and disaster recovery requirements. Azure Government Secret operates on secure, native connections to classified networks with options for ExpressRoute and ExpressRoute Direct for private, resilient, high-bandwidth connectivity.

Applicability

  • Azure Government Secret

Services in scope

For a list of Azure Government Secret cloud services in DoD IL6 PA scope, see Cloud services in audit scope. For service availability, contact your Microsoft account representative.

Attestation documents

Contact DISA for access to the most recent Azure Government Secret DoD IL6 PA letter.

Frequently asked questions

What Azure services are covered by DoD IL6 PA and in what regions?
Services that can accommodate IL6 information are available in the Azure Government Secret regions. For a list of services provisionally authorized at DoD IL6, see Cloud services in audit scope. For service availability, contact your Microsoft account representative.

Resources