The Department of Defense has released a memorandum detailing its policy, responsibilities and procedures for performing defensive cyberspace operations and other cybersecurity activities for cloud service offerings.
The DOD’s chief information officer will oversee the development and implementation of the department’s cybersecurity capabilities and architectures to safeguard the DOD Information Network and ensure that developed capabilities are integrated into the DOD Information Enterprise Architecture, according to the memo released Tuesday.
The document states that DOD component heads should ensure that the mission owner and authorizing official are responsible for ensuring all cloud service contracts include licensing agreements and accreditation boundaries for cybersecurity activities and requirements for cybersecurity service provider notification and acknowledgment procedures for cyber incidents.
The mission owner will address and ensure the performance of all cybersecurity activities for infrastructure-as-a-service, platform-as-a-service and software-as-a-service offerings.
The activities are classified into identify, protect, monitor and detect and respond categories. For the identify category, activities include vulnerability assessment and analysis, penetration testing and intrusion assessment.
Join the Potomac Officers Club’s 2024 Cyber Summit on June 6 and hear cyber experts, government and industry leaders discuss the latest trends and the dynamic role of cyber in the public sector. Register here.
