The Defense Information Systems Agency released a blanket provisional authorization to allow service components and mission partners at the Pentagon to host data at impact level 2 on cloud platforms certified under the Federal Risk and Authorization Management Program.
“This authorization allows for data designated publicly releasable or IL2, to be stored in the cloud on authorized FedRAMP offerings without waiting for DOD to issue a specific authorization document,” Roger Greenwell, risk management executive and authorizing official at the Department of Defense, said in a statement published Friday.
“We worked with officials from the DOD, Chief Information Office, and mission partners on the drafting of the policy, and believe this approach provides significant benefit to both the DOD community as well as the cloud industry,” Greenwell added.
The reciprocity authorization covers cloud service offerings certified at the moderate baseline under FedRAMP, listed on the program’s marketplace and have data centers that are based in the U.S. or its territories. It also reduces the measures cloud service providers need to take before making FedRAMP-certified platforms available for defense clients.