We at VMware are proud to announce that VMware Cloud on AWS GovCloud (US) has achieved Provisional Authorization for DISA Impact Level 5 (IL5). This validates the deep security processes and technology built into VMware Cloud on AWS GovCloud (US) and means that easy-to-use public cloud services are available for an even larger group of US Government customers who have needs beyond the FedRAMP baselines.
DISA? IL5?
Traditional information security defines three tenets, often called the “CIA Triad”:
- Confidentiality, or the idea that data should be kept secure from unauthorized parties.
- Integrity, or the idea that data should be protected against unauthorized modification.
- Availability, or the idea that data is available to authorized users when they need it.
To help the US Department of Defense (DoD) build their systems, the Defense Information Systems Agency (DISA) has defined certain “buckets” for data, depending on how catastrophic a loss of confidentiality or integrity would be for their data. DISA calls these “Impact Levels” (ILs). Impact Level 5 allows US Government customers to store and process Controlled Unclassified Information (CUI) and Unclassified National Security Information (U-NSI) data that has moderate confidentiality and moderate integrity requirements.
Many organizations will recognize the term CUI, as it is also associated with the Cybersecurity Maturity Model Certification (CMMC) and NIST 800-171. CUI can be part of many different information systems in many different organizations, including critical energy infrastructure, defense systems, systems that are subject to ITAR export controls, law enforcement systems, and more. Of course, National Security Systems (NSS) are systems that handle information related to intelligence activities, military operations, and so on.
Certification Process
VMware Cloud on AWS GovCloud (US) is built atop the secure and flexible VMware vSphere platform, deployed within the IL5-capable regions of AWS EC2. However, technology is only a small part of what drives an IL5 authorization. For most regulatory compliance authorizations, including IL5, it is more about HOW that technology is implemented and used. Cloud Service Providers (CSPs) and their Cloud Service Offerings (CSOs) are evaluated for their processes, going deep into how the services are implemented and secured, who has access to the systems, how events in the systems are audited and logged, where deployed systems are physically located, and so on.
VMware Cloud on AWS GovCloud (US) meets the stringent process and implementation guidelines of DISA IL5, meaning easy and fast access to cloud services for US Government agencies.
More Information
VMware Cloud works hard to earn trust, and we are pleased that DISA agrees with us. Beyond GovCloud, VMware Cloud on AWS also holds many certifications for regulatory compliance, helping to speed migrations and make audits easier for thousands of customers governed by regulatory requirements. You can see these all at the VMware Cloud Trust Center.
For more information about how VMware Cloud on AWS GovCloud (US) can help your public sector organization achieve its mission, please visit the GovCloud website or speak with your VMware account team.