Federal Cloud Security

Warren, Katy

Federal Cloud Security

Active / Technical Report | Accession Number: AD1107883 |

Open PDF

Abstract:

When Federal government departments and agencies choose to adopt cloud computing, security is a major consideration in the planning, migrating, and operations and maintenance of critical IT systems. Agencies must consider the goals, planned cloud ecosystem, mission and business functions, processes, sensitivity of data, and processing capabilities. Agencies must fully understand the roles and responsibilities of themselves, FedRAMP, and Cloud Service Providers CSPs. As consumers of cloud services, agencies must also fully understand the impacts of the three Service Models Infrastructure as a Service IaaS, Platform as a Service PaaS and Software as a Service SaaS with regard to security, as each Service Model brings different security requirements and responsibilities. As agencies transition their applications and data to cloud computing solutions, it is critically important that the level of security provided in the cloud environment be equal to or better than the security provided by its traditional IT environment.

Author(s):

Warren, Katy

Author Organization(s):

MITRE CORP MCLEAN VA MCLEAN

Descriptive Note:

Technical Report

Supplementary Note:

01 Jan 0001, 01 Jan 0001, DTIC CRAWL

Pagination:

0044

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release;

RECORD

Collection: TR

Subject Terms

Joint Capability Areas:

JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_5_Command and Control; JCA_6_Net Centric; JCA_6.4.1_Secure Information Exchange; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_6.2.1_Information Sharing; JCA_6.2.2_Computing Services; JCA_5.3_Planning; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_6.2.3_Core Enterprise Services; JCA_6.2_Enterprise Services; JCA_5.2_Understand; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_4.2_Supply; JCA_4.2.1_Manage Supplies and Equipment; JCA_5.3.3_Develop Strategy; JCA_8.2.2_Provide Aid to Foreign Partners and Institutions; JCA_5.3.4_Develop Courses of Action; JCA_5.3.5_Analyze Courses of Action

Communities of Interest:

Cyber

Descriptor(s):

cloud computing, computer network security, denial of service attack, application software, cybersecurity, information systems, local area networks, risk management, information exchange, information security, united states government

Field(s)/Group(s):

Computer Systems Management and Standards, Computer Programming and Software

Report Date:

2015 Dec 28

Creation Date:

2020 Sep 03