DoD CC SRG Services
Grow Your Business with a Department of Defense (DoD) Provisional Authorization (PA)
As an authorized Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organization (3PAO), Kratos follows its proven methodology for assessments to determine whether a Cloud Services Provider’s (CSP’s) offering meets DoD security requirements as stated in the latest version of the DoD Cloud Computing (CC) Security Requirements Guide (SRG).
The DoD CC SRG requirements are built on a FedRAMP foundation and typically leverage an existing FedRAMP authorization. The reciprocity between DoD and FedRAMP enables Kratos to recognize many efficiencies and, in most cases, limit the scope of the assessment to only the required DoD security controls and parameters in the SRG, saving the CSP both time and money.
Information Impact (Protection) Levels
Impact Level 2
An assessment is no longer required! If the Cloud Service Offering (CSO) has a FedRAMP Joint Authorization Board (JAB) PA or Agency Authority to Operate (ATO), the decision to leverage the JAB PA or Agency ATO is at the discretion of the DoD Mission Owner and the responsible Authorizing Official (AO). Further assessment may be needed to grant an ATO.
Impact Levels 4/5
An assessment is required — based on security controls/enhancements in the FedRAMP baseline, coupled with DoD-specific controls and other requirements (referred to as FedRAMP+).
Impact Level 6
DoD PA assessments are required in Secret (or above) classified environments — based on security controls/enhancements in FedRAMP High, DoD CC SRG, and the CNSSI 1253 classified overlay. May require cleared staff up to the Top Secret level, DD-254 flow-down, DCSA Approved environments, lead time for CAC IDs/SIPRNET tokens, and direct oversight from the DoD during the onsite assessment.
Benefits of a Kratos DoD CC SRG Assessment
- Improve organizational and/or information system security posture through vulnerability identification and remediation
- Meet or improve standing with current or future mandatory regulatory frameworks/requirements (e.g., FedRAMP, FISMA, and NIST)
- Minimize downtime by discovering vulnerabilities before they become security incidents
- DoD cleared staff to support assessments in Secret and Top Secret environments
- Expand your customer base beyond FedRAMP