Achieving IL5: Empower mission success for the DOD

Now more than ever, the Department of Defense (DOD) is actively working to enhance preparedness, rebuild its industrial base, provide cutting-edge systems and ensure financial accountability. Moreover, the Department of Defense has declared that data is a strategic asset that must be managed to meet these perennial problems. The DOD and the broader ecosystem are balancing priorities between field focused systems to keep pace with threats and challenges and replacing legacy enterprise business systems that are not meeting modernization and workforce needs. Compounding these challenges are growing cybersecurity threats and requirements to defend against intrusion.

Only a select group of cloud service providers (CSPs) have passed the critical benchmarks for cybersecurity necessary for the DOD’s highest standards of data protection. With DISA’s DOD Impact Level 5 (IL5) authorization, CSPs can provide solutions to entities requiring the DOD’s highest level of protection for controlled unclassified information (CUI), such as sensitive personal data, critical infrastructure details, legal documents, mission-critical data and national security systems.

DISA’s risk management framework was established as a common accreditation framework for impact level accreditations across the 38 DOD components and services. It applies to all DOD agencies and military branches, including the Army, Navy, Marine Corps, Air Force, Coast Guard, Space Force and Combatant Commands. This authorization also assists eligible mission partners, associated agencies, universities, and the wider ecosystem, such as manufacturing suppliers within the defense industrial base.

Much of the defense ecosystem operates with CUI data and thus requires IL5-authorized solutions to ensure appropriate data security and compliance. Many mission partners are considering the Cybersecurity Maturity Model Certification (CMMC) framework to ensure compliance with standards that uphold cybersecurity requirements to protect sensitive unclassified information. Choosing CSPs that have met DISA’s risk management framework can help mission partners deliver compliant solutions faster and more efficiently.

IL5-authorized solutions, such as Snowflake’s Data + AI Platform, allow government customers and mission partners to deploy an end-to-end, fully managed and secure platform, from pilot initiatives to DOD-wide workloads. Industrial base and software partners can also use Snowflake as part of an approved architecture that provides solutions and services to the DOD.

“Dashboards don’t win battles, warfighters do — when they’ve got real-time data, fused and mission-ready,” says Steven Coles, Senior Regional Vice President of Federal Sales at Snowflake. DOD agencies that use an IL5-authorized solution gain the capability to host and process a wider range of sensitive, unclassified data and systems with greater confidence in their security posture. Here are five specific ways the DOD can leverage data with an IL5 authorized solution:

1. Host Controlled Unclassified Information (CUI) with Higher Sensitivity: Agencies can store and process CUI that requires a higher level of protection than what is typically allowed in IL4 environments. This includes categories of CUI that, if compromised, could lead to serious adverse effects on organizational operations, assets, or individuals.They can also handle mission-critical data that is unclassified but requires strong confidentiality, integrity and availability safeguards due to its importance to the agency’s mission. And they can manage information related to law enforcement, financial data and certain types of privacy-related information that falls under the IL5 categorization.

2. Host Unclassified National Security Systems (NSS) Information: One of the most significant distinctions between IL5 and IL4 authorization is the ability to process and store unclassified information related to NSS. This includes intelligence activities, cryptologic activities related to national security, command and control of military forces and equipment integral to weapon systems.

3. Leverage Enhanced Security Controls: CSPs that meet the stringent requirements of IL5 have robust security controls which often include enhanced identity and access management, stronger encryption, advanced network security, and comprehensive incident response capabilities. This allows the DOD to operate in an environment that has undergone rigorous assessment and validation by DISA, providing a higher level of assurance than lower impact level authorizations.

4. Achieve Greater Mission Effectiveness: The DOD can use modern cloud services and capabilities to improve efficiency, agility, and innovation while maintaining a strong security posture for sensitive workloads. For example, they can consolidate IT infrastructure in a secure cloud environment, reducing on-premises footprint and management overhead. They can also facilitate secure collaboration on sensitive unclassified information within the agency and with authorized partners.

5. Streamline Compliance Efforts: The DOD can rely on the CSP’s IL5 authorization as a foundational element for their own system Authority to Operate (ATO) processes, potentially reducing the time and effort required for security assessments of their cloud-based applications and systems.

The DOD recognizes that commercially available solutions and platforms are necessary to solve the most intractable problems. With an IL5-authorized solution such as Snowflake, the DOD can access enhanced capabilities to use mission-critical data in support of operations that advance national security objectives. Here are just a few of many possible use cases:

Financial management: World-class financial management that accelerates mission readiness by offering a unified budgeting source, near real-time insights, enhanced accountability, comprehensive reporting and efficient cost management.
Asset reliability and performance: Predictive maintenance, automated scheduling, digital twins and data/AI-driven rapid repair to enable increased uptime and reduced disruptions.
Logistics and supply chain: Improved inventory management and operations through increased visibility, decision support, operational efficiency and demand forecasting.
Cybersecurity: A holistic platform for unified data, near-unlimited visibility and powerful analytics that helps eliminate blind spots in security data, strengthens incident response through unified monitoring and provides a comprehensive repository for all security data.
Open source intelligence (OSINT): A means to enrich data from publicly available sources to accelerate decision-making, conduct policy research, gather sentiment analysis and perform economic forecasting.