Announcing private preview of authorized DoD Cloud Infrastructure as Code for Azure

Zach Kramer

In our continued commitment to help Department of Defense (DoD) customers keep pace with mission demands, we’re announcing the private preview of DoD Cloud Infrastructure as Code (IaC) for Azure – a set of preauthorized baselines that build standard environments in Azure Government to accelerate DoD adoption of cloud services.

With a 3-year authority to operate (ATO) issued by the Defense Information Systems Agency (DISA) Risk Management Executive (RME), DoD IaC for Azure was developed under a Collaborative Research and Development Agreement (CRADA) where Microsoft assisted the DISA Cloud Computing Program Office (CCPO).

DoD Cloud IaC for Azure enables developer teams to focus more on the mission by leveraging automation to deliver preconfigured, preauthorized Platform as a Service (PaaS)-focused environments that come with inheritance of 135 common controls in eMASS (Enterprise Mission Assurance Support Service), expediting application assessment and authorization with your authorizing official.

For DoD customers moving to the cloud, there is significant complexity in the upfront design and engineering needed to secure cloud services, including the cloud virtual networking environment, auditing, least-privilege access, and authentication.

DoD Cloud IaC for Azure helps to overcome these challenges and is expected to decrease deployment timelines from 30 weeks down to potentially as little as 2 hours, while providing real-time continuous monitoring and compliance and supporting architecture standardization across all unclassified data classifications (up to DoD Impact Level 5).

As a pilot customer of the DISA CCPO for DoD Cloud IaC for Azure, the US Army Engineer Research and Development Center (ERDC), Construction Engineering Research Laboratory (CERL) team was able to accelerate their assessment and authorization.

“Rather than worrying about networks, identity, and operating systems, the Department of Defense Cloud Infrastructure as Code for Azure allows the Sustainment Management System team to focus on the application and delivering our capabilities into our partners’ hands,” said Eric Mixon, Computer Scientist, ERDC, CERL, US Army Corps of Engineers.

Customers also gain greater visibility and ease of management with built-in dashboards that provide real-time continuous monitoring. And, for ease of use, secure configuration, and to help avoid environment drift, DoD Cloud IaC for Azure currently includes 400+ Azure policies pre-mapped to NIST 800-53 controls, with new policies added regularly.

Additionally, DoD Cloud IaC for Azure streamlines enterprise identity and authentication, integrating with DISA’s Global Directory for both privileged users and application-level CAC users. Trusted certificate authorities are also inherited, and Office 365 works without separate setup.

How does it work?

Infrastructure as Code is the management of infrastructure (networks, virtual machines, load balancers, and connection topology) in a descriptive model, using the same versioning that DevOps teams use for source code. A key DevOps practice used in conjunction with continuous delivery, IaC evolved to help solve the problem of environment drift and brings automation to rapidly build identical cloud environments instead of building them manually.

DoD Cloud IaC for Azure deploys the following to help teams accelerate accreditation and do more for the mission:

  • Development and test environment: Supports the development of software code, unit and integration testing, and pilots using mission test data. Available for use by those without a specific mission customer authorization.
  • Production environment: For workloads with live mission data and customers. Requires an Interim Authority to Test (IATT) or Authority to Operate (ATO) from your local authorizing official, which is accelerated through inheritance under the Azure shared responsibility model (SRM).
  • Security and other common services: Include Virtual Datacenter Security Services (VDSS) and Virtual Datacenter Management Services (VDMS) using Azure-native security services to meet the Cloud Computing Security Requirements Guide (SRG). Policies to improve account security and real-time compliance dashboards with automated response mechanisms are also included.
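As an added illustration of the policy-as-code building block that such baselines rely on, the definition below is an Azure Policy written for this page, not a policy taken from the DoD Cloud IaC for Azure baselines; the `nist80053Controls` metadata key is an assumed convention for recording the control mapping (Azure Policy metadata is free-form), not the baseline's actual mapping format. The policy denies any storage account that is created or updated without HTTPS-only transfer, which is how a baseline prevents drift at the control plane instead of only reporting it.

```json
{
  "properties": {
    "displayName": "Storage accounts should require secure transfer (HTTPS only)",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Illustrative example, not a DoD Cloud IaC baseline policy. Denies creation or update of storage accounts that accept plain HTTP. The nist80053Controls metadata key is an assumed mapping convention.",
    "metadata": {
      "category": "Storage",
      "nist80053Controls": ["SC-8", "SC-8(1)"]
    },
    "parameters": {
      "effect": {
        "type": "String",
        "defaultValue": "Deny",
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "metadata": {
          "displayName": "Effect",
          "description": "Deny blocks the non-compliant deployment; Audit only records it for the compliance dashboard."
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
                "exists": "false"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
                "equals": "false"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigned at a management group or subscription scope with the default `Deny` effect, a template or portal deployment that violates the rule is rejected by Azure Resource Manager before the resource exists, so the environment cannot drift from the baseline on this control. Switching the `effect` parameter to `Audit` keeps deployments flowing but surfaces each violation in the Azure Policy compliance view, which is the trade-off between blocking and monitoring that a baseline's policy set makes control by control. The definition can be registered from a file with `az policy definition create --name require-https-storage --rules policy.json --mode Indexed`.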

[Figure: DoD Cloud Infrastructure as Code for Azure]

Available services and support

New services for DoD Cloud IaC for Azure will be released regularly. Here are some of the PaaS services available. For the complete list, visit aka.ms/AzureDoDCloudIaCBaselines.

  • Azure App Service
  • Azure Cosmos DB (NoSQL)
  • Azure Database
  • Azure Functions
  • Azure Kubernetes Service (AKS)
  • Azure Data Lake
  • Azure Machine Learning
  • Azure IoT Hub
  • Azure Event Hub
  • Azure Virtual Machines
  • Azure Defender
  • Azure Active Directory*
  • Azure Firewall*
  • Azure Sentinel*
  • Azure Security Center*
  • Azure Monitor*

*Supporting services

Support resources and the DISA CCPO are also available to provide guidance for your success.

Next steps

