Security is an increasing concern for cloud computing, which is a system where computing is done over a network of shared devices that are often accessed remotely. Cloud computing is attractive to industries and governments that frequently store and share large amounts of data. But its reliance on remote servers make data vulnerable to security breaches.
To determine the security requirements for the DOD’s cloud computing system, this bill would direct the Comptroller General to review cloud security practices used by other federal agencies and commercial entities. The Comptroller would also evaluate to what extent the DOD relies on cloud computing and to introduce cloud services wherever they aren’t being used.
The Chief Information Officer of the DOD would have several responsibilities related to cloud security:
- Calculating the minimum security requirements needed for cloud storage of DOD information.
- Assessing whether commercial cloud services have security measures that meet DOD standards.
- Requiring all DOD cloud systems to be certified and accredited through the same process that commercial vendors use.
- Conducting an analysis of the Defense Information Systems Agency that will be working with the commercial service providers developing the DOD’s cloud security.
- Briefing the relevant Congressional committees within 30 days of any pilot demonstrations.