https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN42947-PPM_CIO-063-000-WEB-1.pdf
DEPARTMENT OF THE ARMY
CHIEF INFORMATION OFFICER
107 ARMY PENTAGON
WASHINGTON DC 20310-0107
CS-GOV-SV-063
SAIS-CS (25-1rrrr) 31 January 2025
MEMORANDUM FOR SEE DISTRIBUTION
SUBJECT: Army Cross Domain Solution as a Service Policy
1. Purpose. Provide policy for Armywide Cross Domain Solution as a Service
(CDSaaS) utilization.
2. Definitions.
a. Cross Domain Solution (CDS): An integrated information assurance system
composed of specialized software or hardware that provides a controlled interface to
manually or automatically enable and/or restrict the access or transfer of information
between two or more security domains based on a predetermined security policy.
b. CDSaaS: A cloud computing-based solution that commercial cloud service
providers offer as a service to government tenant organizations enabling the transfer of
information across two or more different classification domains. This transfer can be
offered from High-to-Low, Low-to-High, or in any combination required to meet mission
needs.
3. Applicability.
a. This policy governs all non-intelligence security domains and applies to
Headquarters Department of the Army (HQDA) elements, Army Commands, Army
Service Component Commands, Direct Reporting Units, and Army National Guard and
Reserve components.
b. This policy applies to all Army usage, processes, and management needs for
CDSaaS services.
c. This policy is not applicable to the Joint Worldwide Intelligence Communications
System for TOP SECRET–sensitive compartmented information or special access
program systems.
d. This is not applicable to operations of on-premises, tactical or non-cARMY cloud
based CDS, to include any account outside of the Enterprise Cloud Management
Agency (ECMA) or the Cloud Governance Committee (CGC) approval.
SAIS-CS (25-1rrrr)
SUBJECT: Army Cross Domain Solution as a Service Policy
4. Background.
a. The Army has an operational requirement to enable warfighting, mission and
enterprise capabilities, and rapid capability development for data to move across
network and platform security domains. The current infrastructure continues to be
bifurcated and not standardized. This increases risk to Department of Defense
Information Network—Army (DoDIN-A) operations and mission success. Existing
processes have also weakened the Army’s ability to quickly approve, deliver and
operationalize enterprise level CDS. The lack of capable CDS services to support these
critical mission areas has a strategic effect on the ability for the Army to conduct
missions at the scope and scale necessary to meet Army Senior Leader objectives.
b. Commercial multi-mode CDSaaS within the Govcloud Impact Level (IL) 2, IL4,
IL5 and IL6 are currently available. These offerings provide the Army with the
opportunity to quickly streamline safe and secure Raise the Bar (RTB) compliant and
mission specific CDS services at-scale across the Army mission portfolio. To take
advantage of these offerings, the Army CIO requires the service to strictly follow this
policy.
5. Roles and Responsibilities.
a. The Army Chief Information Officer (CIO) serves as the approval authority for all
CDSaaS used within the US Army. With this responsibility, the CIO will manage the
oversight and resourcing of all CDSaaS and the reciprocity of cloud CDS RTB
compliance.
b. The Cloud Governance Committee (CGC) serves as the governance and
approval committee for Enterprise Cloud Management Agency (ECMA) CDSaaS tenant
requests to ensure alignment to Army portfolio management.
c. ECMA serves as the lead organization for all cloud DoDIN-A operations. Since
CDSaaS is a part of the Cloud DoDIN-A, ECMA has the sole responsibility in the Army
to develop all governance, management, maintenance, and approval for unit utilization
of CDSaaS. This includes all development, security and operations (DevSecOps)
environments. Additionally, ECMA is responsible for providing support and guidance to
the CGC. ECMA is the sole US Army organization that can utilize reciprocity for
CDSaaS operations.
d. Army Cyber Command (ARCYBER) provides cybersecurity service provider
integration and monitoring and the management of CDSaaS operations.
e. All Army organizations, units, tenants, individuals requiring CDSaaS services
must submit a request for services to ECMA. No other CDSaaS services will be
2
SAIS-CS (25-1rrrr)
SUBJECT: Army Cross Domain Solution as a Service Policy
allowed unless a waiver from the Army CIO has been granted. A waiver will only be
obtainable after all requirements have been considered with ECMA as not available.
6. Policy.
a. All Army cloud CDS requirements will be approved and managed through the
ECMA CGC. ECMA tenants will adhere and meet RTB requirements. CGC will review
requests for specific critical missions and/or operational workloads for consideration for
approval.
b. Only ECMA will provide CDSaaS services for use by US Army organizations. All
US Army organizations must use ECMA for CDSaaS services. No other enterprise CDS
solutions will be used or paid for without explicit approval from the Army CIO.
c. Depending on the CDSaaS service, requesting organizations will submit a
request for CDS services utilizing the specific templates provided by ECMA. This will
ensure a proper solution is provided to satisfy the request.
d. All alternate CDSaaS solutions are strictly prohibited and are subject to
immediate enclave and network denial of authorization to operate. All organizations
must report non-cArmy cloud based CDS to the ECMA Cybersecurity Division.
7. Points of Contact.
a. CIO Policy Inbox: usarmy.pentagon.hqda-cio.mbx.policy-inbox@army.mil
b. ECMA Cloud Cybersecurity Division: Rosalynn Pittman,
rosalynn.s.pittman.civ@army.mil.
c. HQDA CIO Cybersecurity Directorate, Oversight and Compliance Division:
William Bessemer, william.g.bessemer.civ@army.mil.
LEONEL T. GARCIGA
Chief Information Officer
DISTRIBUTION:
Principal Officials of Headquarters, Department of the Army
Commander
US Army Forces Command
US Army Training and Doctrine Command
(CONT)
3
SAIS-CS (25-1rrrr)
SUBJECT: Army Cross Domain Solution as a Service Policy
DISTRIBUTION: (CONT)
US Army Materiel Command
US Army Futures Command
US Army Pacific
US Army Europe and Africa
US Army Central
US Army North
US Army South
US Army Special Operations Command
Military Surface Deployment and Distribution Command
US Army Space and Missile Defense Command/Army Strategic Command
US Army Cyber Command
US Army Medical Command
US Army Intelligence and Security Command
US Army Corps of Engineers
US Army Military District of Washington
US Army Test and Evaluation Command
US Army Human Resources Command
US Army Corrections Command
US Army Recruiting Command
Superintendent, US Military Academy
Commandant, US Army War College
Director, US Army Civilian Human Resources Agency
Executive Director, Military Postal Service Agency
Director, US Army Criminal Investigation Division
Director, Civilian Protection Center of Excellence
Director, US Army Joint Counter-Small Unmanned Aircraft Systems Office
Superintendent, Arlington National Cemetery
Director, US Army Acquisition Support Center
CF:
Principal Cyber Advisor
Director of Enterprise Management
Director, Office of Analytics Integration
Commander, Eighth Army
4