DoD Cloud Infrastructure as Code


DOD Cloud IaC

DOD Cloud Infrastructure as Code (IaC) is a collection of preconfigured templates that use automation to build secure cloud environments. The DOD Cloud IaC templates, called “baselines,” use automation to generate preconfigured, preauthorized, Platform as a Service (PaaS) focused environments. These IaC baselines for Azure, AWS and Google can be deployed by customers to establish their own cloud platform.

DOD Cloud IaC helps customers adopt cloud smarter and faster, providing our customers with the best value service for their cloud journey. HaCers deploy the baselines in a short onboarding session, which significantly shortens our customers’ cloud journeys.


Why DOD Cloud IaC?

DOD Cloud IaC streamlines cloud deployment, authorization, and security for customers, shortening the typical cloud journey by seven months. DOD Cloud IaC uses automation to accelerate cloud adoption in the form of baselines that build out cloud environments in hours. It also speeds up the authorization process with inheritable common controls and the use of PaaS services, which eliminate the need for Security Technical Implementation Guides, Assured Compliance Assessment Solution and Host Based Security System. The DOD Cloud IaC baseline has successfully shortened the deployment of the networking, identity, and security policies for security compliance from the standard 30 weeks down to just two hours.

Features.

DOD Cloud IaC supports accelerated adoption by leveraging automation in the form of IaC templates that build out cloud environments in minutes. DOD Cloud IaC also speeds the authorization process with inheritable common controls and the use of PaaS services which eliminate the need for Security Technical Implementation Guides (STIGs), Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS). This means that DOD Cloud IaC can deliver organizations a PaaS environment quickly and efficiently.

  • Authorization to Operate (ATO) from DISA Risk Management Executive (RME).
  • 100+ Common Controls in Enterprise Mission Assurance Support Service (eMASS) to expedite mission application Assessment & Authorization (A&A).
  • Complete identity solution for both privileged users and application-level CAC users, including integration with DISA’s Global Directory service to federate with DOD’s Enterprise Identity Infrastructure.
  • Baselines at IL2, IL4, IL5 and IL6.
  • Real-time continuous monitoring & compliance.
  • Architecture standardization support across all Impact Levels (IL) and classifications.
  • Cloud service provider offerings including native security services and Platform as a Service (PaaS), which improve integration and technology insertion, reducing the burden of middleware integration, hardening and patching for customers.
  • Monthly updates that incorporate the latest CSP PaaS services.

Getting Started.

DOD Cloud IaC currently has 20 service deployments across the Department. Baselines are currently available for Microsoft Azure and Amazon Web Services and the HaC is piloting Google baselines. If you are interested in ordering DOD Cloud IaC, please use the contact us feature and we will be in touch shortly.

Azure Baseline

Supporting Services
Azure Active Directory
Azure Activity Logs
Azure Alerts
Azure API management
Azure Bastion
Azure Blueprints
Azure Cloud Shell
Azure DDoS Protection
Azure Firewall
Azure Front Door
Azure Key Vault
Azure Log Analytics Notebook
Azure Network Security Groups
Azure Policies
Azure Security Center
Azure Sentinel
Azure Service Health
Azure VNET
Azure VNET Flow Logs
Azure VNET Peering
Azure VNET Gateway
Azure Web Application Firewall

Application & DB Hosting
Azure App Service
Azure Database
Azure Cosmos DB
Containers
Azure Kubernetes Service
Azure Container Registry

Serverless
Azure Functions
Azure Event Hub

Storage
Azure Blob Storage
Azure Data Lake

AI/ML
Azure Machine Learning

IoT
Azure IoT Hub

Hybrid Cloud
Azure Data Factory

Virtual Machines*
Azure Virtual Machines*
Azure VM Scale Sets
Azure Defender

Azure Policies: 414

AWS Baseline

Supporting Services
AWS Audit Manager
AWS CloudTrail
AWS CloudWatch
Amazon Cognito
AWS Config
AWS Network Firewall
Amazon GuardDuty
AWS Identity and Access Management (IAM)
AWS Key Management Service
AWS Organizations
AWS Security Hub
AWS Service Catalog
AWS Service Control Policies (* Supporting Services)
AWS Transit Gateway
Amazon Virtual Private Cloud (VPC)

DevOps Services
AWS CodeBuild
AWS CodeCommit
AWS CodePipeline

Managed Desktop
Amazon AppStream 2.0
Containers
AWS Elastic Kubernetes Service - Fargate
AWS Elastic Container Service (ECS) - Fargate
Amazon Elastic Container Registry

Database Housing
Amazon Aurora
Amazon DynamoDB

Serverless
AWS Lambda

AI/ML
Amazon SageMaker

IoT
AWS IoT Greengrass

Hybrid Cloud
AWS Storage Gateway

Virtual Machines*
EC2

AWS Config Rules: 156

Google Cloud Baseline

Supporting Services
Google Cloud Armor
Google Cloud Logging
Google Cloud Monitoring
Google Cloud Identity & Access Management
Google Data Loss Prevention API
Google Cloud Security Command Center
Google Forseti*
Google Cloud IDS*
Google Virtual Private Cloud
3rd Party Firewall
Google Cloud Router
Google Cloud Interconnect (BCAP)
VPC/Firewall Flow Logs
Google Cloud KMS
Identity Platform (GD)
Google Cloud Trace
Google Cloud Load Balancing
Google Cloud Storage

Containers
Google Kubernetes Engine
Google Anthos
Google Container Registry
Container Analysis*
Container Threat Detection*

Database
Google BigQuery

Virtual Machines
Google Compute Engine
Persistent Disk

Additional VDMS Services
Endpoint Protection Networking*
Vulnerability Scanning*

*Post MVP Enhancement