Blog
2F Team & Culture
Changing the relationship between global defense, national security, and commercial software with $40M Series B funding round
Read blog
DoD Impact Levels allow the DoD to categorize info systems and their info based on the potential impact caused in the event they are compromised.
DoD Impact Levels (IL) are used to categorize information systems and the information they store and process based on the potential impact in the case the information system or the associated information were to be compromised. The security qualities taken into account when determining DoD ILs include confidentiality, integrity, and availability.
Confidentiality — There is limited access to information.
Integrity — Information is trustworthy and accurate.
Availability — There is reliable access to information by authorized parties.
The Defense Information Systems Agency (DISA) published the Department of Defense (DoD) Cloud Computing Security Requirements Guide (CC SRG) based on the guidance of the Federal Information Systems Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37. The DoD CC SRG applies a FedRAMP+ concept by accepting the security work carried out during the FedRAMP process via reciprocity, then adding specific requirements and security controls that meet the special needs of the DoD.
The DoD CC SRG defines the security characteristics for each IL:
DoD ILs are useful labels for a comprehensive security categorization system. They allow DoD information system owners and managers to quickly identify the security criticality of information systems and their associated information, and determine the minimum security measures necessary for handling that system.