DoD Impact Level 5 (IL5)
The United States Department of Defense (DoD) uses an “Impact Level” classification system to classify data and authorize cloud environments. IL5 is the highest level of authorization granted to environments storing and processing Controlled Unclassified Information (CUI), mission-critical information, and national security systems information. This authorization, which Google Cloud has received for a number of its products, is the result of a rigorous assessment of physical, logical, and cryptographic isolation controls. Google Cloud is committed to rapidly expanding the number of Google Cloud services within the IL5 authorization boundary, allowing us to support a wide array of use cases and cloud architectures.
A software-defined community cloud
These most recent compliance milestones are made possible by our modern, born-in-the-cloud approach. Last December, we described this approach to software-defined community cloud (SDCC) — a technology used for isolating security and compliance sensitive workloads using Assured Workloads. The software-defined community cloud allows customers to take advantage of the efficient cloud infrastructure that Google Cloud provides to help support stringent security compliance requirements without needing to manage and maintain individual infrastructure instances.
With SDCC, new hardware, new services, and continuous improvements to our services are delivered smoothly and without delay. Security enhancements can be implemented quickly, protecting customers from emerging threats. And because of the scale of infrastructure available, we can provide improved availability and performance.
On top of core compliance support with NIST 800-53 and FIPS-140 encryption by default, Google Cloud’s Assured Workloads supports additional commitments that customer data will remain within the continental United States (CONUS) and will only be supported by authorized U.S. persons. A premium support offering is also available that offers 24/7, 15-minute response time by authorized U.S. persons from within the United States. Google Cloud’s approach with Assured Workloads provides compatibility between our government and commercial offerings.
The technology U.S. public sector customers rely on is built on the same foundation that drives our Sovereign Cloud capabilities in other parts of the world. This foundation provides sophisticated isolation and personnel controls that protect data from unauthorized access while supporting stringent compliance and sovereignty requirements, which are backed by third-party audits and validations of the controls.
Take the next step
The new authorizations and offerings continue to enhance Google Cloud’s product offerings and capabilities for public sector customers and the organizations that serve them. Google Cloud’s U.S. public sector authorizations now include FedRAMP Moderate, FedRAMP High, FIPS-140, IL2, IL4, IL5, and CJIS.
Contact sales for more information on how to take advantage of Google Cloud’s Assured Workloads capabilities to run secure and compliant workloads. To learn more about Assured Workloads, check out our customer session from this year’s Google Cloud Next and our Assured Workloads video walkthrough series on YouTube.
By: Leigh Palmer (Vice President, Delivery and Operations, Google Public Sector) and Jeanette Manfra (Senior Director, Global Risk and Compliance)
Source: Google Cloud Blog