Department of Defense (DoD) Impact Level 5 (IL5) in VMware Cloud on AWS GovCloud (US)

Jens Koegler Civilian Government , ,

Originally posted on http://www.vmware.com by VMware Industry News

We at VMware are proud to announce that VMware Cloud on AWS GovCloud (US) has achieved a Full Authorization for DISA Impact Level 5 (IL5). This builds on the provisional authorization granted in May 2022 and validates the deep security processes and technology built into VMware Cloud on AWS GovCloud (US). It also means that easy-to-use public cloud services are available for an even larger group of US Government customers who have needs beyond the FedRAMP baselines.

DISA? IL5?

Traditional information security defines three tenets, often called the “CIA Triad:”

  • Confidentiality, or the idea that data should be kept secure from unauthorized parties.
  • Integrity, or the idea that data should be protected against unauthorized modification.
  • Availability, or the idea that data is available to authorized users when they need it.

To help the US Department of Defense (DoD) build their systems, the Defense Information Systems Agency (DISA) has defined certain “buckets” for data, depending on how catastrophic a loss of confidentiality or integrity would be for their data. DISA calls these “Impact Levels” (ILs). Impact Level 5 allows US Government customers to store and process Controlled Unclassified Information (CUI) and Unclassified National Security Information (U-NSI) data that has moderate confidentiality and moderate integrity requirements.

Many organizations will recognize the term CUI, as it is also associated with the Cybersecurity Maturity Model Certification (CMMC) and NIST 800-171, too. CUI can be part of many different information systems in many different organizations, including critical energy infrastructure, defense systems, systems that are subject to ITAR export controls, law enforcement systems, and more. Of course, National Security Systems (NSS) are systems that handle information related to intelligence activities, military operations, and so on.

Certification Process

VMware Cloud on AWS GovCloud (US) is built atop the secure and flexible VMware vSphere platform, deployed within the IL5-capable regions of AWS EC2. However, technology is only a small part of what drives an IL5 authorization. For most regulatory compliance authorizations, including IL5, it is more about HOW that technology is implemented and used. Cloud Service Providers (CSPs) and their Cloud Service Offerings (CSOs) are evaluated for their processes, going deep into how the services are implemented and secured, who has access to the systems, how events in the systems are audited and logged, where deployed systems are physically located, and so on.

VMware Cloud on AWS GovCloud (US) meets the stringent process and implementation guidelines of DISA IL5, meaning easy and fast access to cloud services for US Government agencies.

More Information

VMware Cloud works hard to earn trust, and we are pleased that DISA agrees with us. Beyond GovCloud, VMware Cloud on AWS also holds many certifications for regulatory compliance, helping to speed migrations and make audits easier for thousands of customers governed by regulatory requirements. You can see these all at the VMware Cloud Trust Center.

For more information about how VMware Cloud on AWS GovCloud (US) can help your public sector organization achieve its mission please visit the GovCloud website or speak with your VMware account team.

Check These Out

This blog article was originally posted on the VMware Cloud Blog and was written by Bob Plankers.

Jens Koegler

Jens Koegler is VMware's Healthcare Industry Director in EMEA. He is helping our healthcare customers develop and run modern applications to drive innovation and ensure better patient care through a digital foundation that includes data center, hybrid cloud, mobile, networking and security technologies. VMware plays a strategic role in the healthcare industry. Its leading innovations in enterprise software help ensure consistent patient care and reduce IT access time for healthcare professionals so they can spend more time with their patients. Jens plays a key role in helping customers understand how new applications, devices, the latest IT technologies and digital transformation are driving innovation in healthcare.