Department of Defense Cloud Computing Security Requirements Guide
The US Department of Defense (DoD) has unique information protection requirements that extend beyond the common set of requirements established by the Federal Risk and Authorization Management Program (FedRAMP) program. Using FedRAMP requirements as a foundation, the US DoD specifically has defined additional cloud computing security and compliance requirements in their DoD Cloud Computing Security Requirements Guide (SRG). Cloud Service Providers (CSPs) supporting US DoD customers are required to comply with these requirements. Smartsheet Gov has been granted Provisional Authorization (PA) for Impact Level 4 (IL4) from Defense Information Systems Agency (DISA) leveraging the Smartsheet Gov FedRAMP Moderate ATO and undergoing additional assessments by independent organizations. This provides DoD mission owners and authorized contractors the ability to utilize Smartsheet Gov to manage their work while helping them meet their security and compliance requirements. For more information please visit the Smartsheet for Government page.
Questions about DoD
What Smartsheet services are covered?
The Smartsheet Gov platform is covered by the DoD Cloud Computing SRG.
How can Smartsheet guarantee that physical systems supporting its managed SaaS service also provide IL4 data security?
Smartsheet is provisioned on AWS GovCloud, which as a cloud infrastructure service maintains IL4 (and IL5) levels of compliance. No customer data is transmitted or stored in any external services.
Is Smartsheet “FedRAMP+”?
Yes. FedRAMP+ is a term from the SRG that essentially means FedRAMP Moderate plus IL4/5.