The Defense Information Systems Agency is letting its milCloud 2.0 offering expire in May 2022. The 89 DOD mission partners currently using milCloud will need to migrate their 4,500 workloads elsewhere by that date. For Infrastructure-as-a-Service (IaaS), the mission partners will be able to leverage the Joint Warfighter Cloud Capability (JWCC) contract that DISA has established with Amazon Web Services, Microsoft, Google, and Oracle. But there are capability gaps not covered by the JWCC cloud providers.
In particular, the JWCC cloud providers do not manage applications that they do not own.
With milCloud expiring, the Project Hosts DOD cloud is the only Platform-as-a-Service (PaaS) solution authorized by DISA at IL5 that manages third-party cloud applications. Working with Project Hosts, a mission partner can use JWCC to procure its own IaaS for the deployment of its applications. At the same time, an interconnection with the Project Hosts PaaS allows mission partners to leverage services managing the entire cloud stack (including third-party applications). The services include scanning, patching, logging, authentication, contingency planning, incident response, as well as VDSS and VDMS services associated with Project Hosts’ DISA BCAP connection (see more complete list below).
“Our mission partner customers have all told us that leveraging the DISA-authorized, turnkey Project Hosts PaaS has allowed them to get their applications deployed far faster than hiring personnel or contracting with consultants to build IL5 application-level compliance from scratch,” said Scott Chapman, CEO of Project Hosts. “With milCloud 2.0 expiring, we are the best, easiest, and most secure option for many mission partners.”
Project Hosts Services:
Project Hosts works with the mission partner every step of the way to ensure an easy transition to the cloud for your Cloud IT Project (C-ITP). Project Hosts has also already achieved its DISA Provisional authorization at Impact Level 5 saving mission partners from having to go through the DISA A&A process and dedicating personnel to that effort. Project Hosts services include:
- Assistance in the Assessment and Authorization process
- Development of an application-level System Security Plan and associated documentation
- Uploading required documents and artifacts into eMASS
- Completion of the implementation plan and SLCM inside of eMASS on the mission partner’s behalf
- Being your dedicated security and compliance team
- Managing Access Control and Authentication
- Implementing and monitoring Azure Network Security Groups (firewall Rules) around all subnets dedicated to the mission partner
- Auditing/ reviewing audit logs and alerts
- Monitoring systems for availability and performance issues/ proactively taking action
- Monthly Operation System, Database, Web application vulnerability scanning using approved ACAS scanner
- Monthly STIG compliance scanning
- Patch and vulnerability management
- Configuration Management
- Malware prevention and Intrusion prevention using HBSS Tools
- Dedicated Incident Response and Analysis Team
- Contingency and Disaster Recovery Planning and recovery team
- Managed 3PAO Scanning and Penetration Testing of the Application
- Reporting Monthly Application-level POA&Ms to the mission partner for review