DoD Cloud Infrastructure as Code


DoD Cloud IaCs are pre-done, approved baselines that accelerate customer adoption of cloud services. For customers moving to the cloud, there is significant complexity in the upfront design and engineering to secure cloud services, including: cloud virtual networking environment, auditing, least privilege access and authentication. Mission owners often find themselves having to recreate the wheel on this routine upfront engineering work -- losing critical time. DoD Cloud IaCs solve these challenges with pre-authorized baselines that serve as a platform to host mission apps. Each baseline includes inheritable controls in eMASS to save mission owners valuable time during the Assessment & Authorization (A&A). DoD Cloud IaCs currently support Microsoft Azure and an AWS baseline is under development.


Leverages Automation

The DoD Cloud IaC baselines are a service that leverages IaC automation to generate preconfigured, preauthorized, Platform as a Service (PaaS) focused environments. These baselines exist in the form of IaC templates that organizations can deploy themselves to establish their own decentralized cloud platform.


For Immediate use and Accelerated Accreditation

The environments can be immediately consumed for development and test workloads, with concurrence from your local Authorization Official. They also support an accelerated accreditation model for production workloads, by significantly reducing the security requirements that mission owners are responsible for by leveraging inheritance from PaaS services, where host and middleware security is the responsibility of the CSP, including hardening and patching (No STIGS, No HBSS and no ACAS required!).  Whenever possible, DoD Cloud IaC leverages native security services offered by Cloud Service Providers (CSP) over traditional data center tools for improved integration with cloud services. DoD Cloud IaC baselines can be built into your DevSecOpsPS pipeline to rapidly deploy the entire environment and mission applications. The DoD Cloud IaC baseline has successfully shortened the deployment of the networking, identity, and security policies for security compliance from the standard 30 weeks down to just 2 hours. 


  • Real-time continuous monitoring & compliance

  • Reduction of burden on developer teams so they can focus on app deployments 

  • Architecture standardization support across all Impact Levels (IL) and classifications 

  • Decrease in the lift for accreditation of your production system

  • Baselines that are updated monthly to incorporate the latest CSP PaaS services

DoD Cloud IaC baselines are currently supporting Microsoft Azure and an AWS baseline is in development. If you are interested in access to the DoD Cloud IaC Repository or becoming a pilot user, please submit a request here.