> I still want to know why--when we're wanting to run services like Document Intelligence and Azure OpenAI in Azure GCC High, a FedRAMP-High approved environment with these services claiming DoD Impact Level 5 compliance--our IT Security department thinks that can't be used for CUI. They say we need to spend 2 years and $2 million doing some kind of review of Azure itself before it can be approved for CUI.

Don't you still have to get program-specific authorization for IL5?

I don't know. I've been a software engineer for 25 years, but this is my first DoD job in 20. We didn't have this when I was a junior developer and I don't have the time to learn about this particular part of the process.

We have plenty of program contracts that require IL5. I think you only need ATO to go to IL6 and above (which would be Secret and would require working in a SIPRNet connected network isolated from our corporate network). For just CUI data, I thought you didn't need special authorization.

What I really need is someone I can trust who can come in and tell me what we should be doing, because whatever our IT Security team is telling me sounds ludicrous. There are a whole host of problems with our IT systems that indicate to me that they don't really know what they are doing.
