CONTROLLED DATA
Leidos Proprietary - US Citizens ONLY
The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.
The Enterprise Cloud Management (ECM) team has configured Amazon Web Services (AWS) and Microsoft Azure services to meet Leidos Corporate Information Security (CIS) requirements by leveraging the existing Leidos-built security stack and AWS infrastructure security controls.
CIS provides security oversight and monitoring for ECM customers. ECM provides security controls in Commercial GovCloud that satisfy requirements for proper handling, storage, control, and dissemination of Controlled Unclassified Information (CUI), Covered Defense Information (CDI), and Controlled Technical Information (CTI) per your contract requirements.
Prior to engagement with ECM, please review your program contract to determine the Federal Information Processing Standard (FIPS) 199 security categorization of your system and determine if your contract includes a Defense Federal Acquisition Regulation Supplement (DFARS) clause that mandates contractors implement the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.
After services and servers are provisioned and available, users can access them with a Leidos account (employee or sponsored) using multifactor authentication. Direct access from LeidosNet is available with an approved Design Engagement and firewall rule request. Role-based access controls (RBAC) are available through CloudBolt with Active Directory integration.
Access to applications hosted and executing within the ECM environment is available to external parties through the internet, provided the F5 or VIP are used. Currently, ECM does not allow access to applications from users who possess active DOD Common Access Card (CAC). However, that is a use case that is being vetted. Administrative and privileged user access to ECM environments is possible through VPN and using proper privileged access roles.
For more information, schedule a consultation with the Enterprise Cloud Management team. The consultation will help to determine if the program will meet your needs and if so, what the next steps are.