To enable organizations to offer their cloud offerings to the Department of Defense as a DoD-adjudicated system, Provisionally Authorized at a specific information impact level, Kratos provides assessment services to determine whether a CSP’s offering meets the requirements as stated in the latest version of the DoD Cloud Computing (CC) Security Requirements Guide (SRG).

Information Impact (Protection) Levels

• Impact Level 2 – DoD PA assessment is no longer required! if the Cloud Service Offering (CSO) has a FedRAMP JAB PA or Agency ATO: The decision to leverage the JAB PA or Agency ATO is at the discretion of the Mission Owner and the responsible Authorizing Official (AO). Further assessment may be needed to grant an ATO.
• Impact Level 4/5/6 – DoD PA assessments are required – Based on security controls/enhancements in the FedRAMP Moderate baseline coupled with DoD specific controls and other requirements (referred to as FedRAMP+)

Benefits of a Kratos DoD CC SRG Assessment

• Improve organizational and/or information system security posture through vulnerability identification and remediation
• Meet or improve standing with current or future mandatory regulatory frameworks/requirements (e.g., FedRAMP, FISMA, PCI, and NIST)
• Minimize downtime by discovering vulnerabilities before they become security incidents