U.S. Defense Information Systems Agency Provisional Authorization
The United States Defense Information Systems Agency (DISA) manages the evaluation and authorization of cloud services for the U.S. Department of Defense (DoD). DISA Cloud Service Support has granted Google Cloud a DoD Impact Level 4 and Impact Level 5 provisional authorization (PA). An assessment at Impact Level 4 (IL4) allows for processing and storage of controlled unclassified information in specific products on Google Cloud. An assessment at Impact Level 5 (IL5) allows for data processing and storage of DoD higher sensitivity controlled unclassified information, mission-critical information, and national security systems information.
Google’s IL2 PA for Google Cloud and Workspace is in place. Google Cloud and Workspace customers seeking IL2 compliance must use Assured Workloads for IL2.
*Note: Impact Level (IL) platforms will restrict customer domain sign-in for less secure protocols (e.g. TLS 1.1/1.0).
Google Cloud's DISA IL4 and IL5 provisional authorizations require customers to use Assured Workloads. Workspace's DISA IL4 and IL5 provisional authorizations require customers to use Assured Controls, Assured Support and either Enhanced or Premium Support. For more information on the configuration process for IL4 and IL5 provisional authorizations, please contact sales.
Google Cloud and IL4 and IL5
Google Cloud was awarded an IL5 provisional authority in 2022, making it the one of the first hyperscalers to receive DISA approval for a software-defined community cloud. A software-defined isolation approach means more flexibility than traditional government clouds in terms of region deployment, scalability, and cost.
IL4 and IL5 workloads are deployable via Assured Workloads, which enables security controls that meet heightened data residency and support requirements. Assured Workloads also enforces developer guardrails that help large organizations stay in compliance.
Once you have selected your IL4 or IL5-authorized services, Google can help you configure your solution through service-specific configuration guides or direct engagement with IL4 and IL5 experts in our Professional Services organization. Additionally, Google provides customers with a IL4 Springboard Deployment guide with Terraform code.
Related Resources
- Overview of Assured Workloads
- Guidance and Terraform for Deploying an IL4 Assured Workloads Environment
- NIST Cybersecurity Framework and Google Cloud
- Google Cloud Deployment Guide
- Google Cloud Security Model
- DoD Instruction 8510.01 DoD Risk Management Framework (RMF) for DoD Information Technology (IT)
- Controlled unclassified information (CUI) Registry and CUI category list
- NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
- NIST SP 800-53 Security and Privacy Controls for Information Systems and Organizations
- NIST SP 800-59 Guideline for Identifying an Information System as a National Security System
- NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- CNSSI 1253 Security Categorization and Control Selection for National Security Systems