Skip to content

Impact Levels Overview

DoD Impact Levels (IL) are used to categorize information systems and the information they store and process based on the potential impact in the case the information system or the associated information were to be compromised. The security qualities taken into account when determining DoD ILs include confidentiality, integrity, and availability.

Confidentiality — There is limited access to information.

Integrity — Information is trustworthy and accurate.

Availability — There is reliable access to information by authorized parties.

The Defense Information Systems Agency (DISA) published the Department of Defense (DoD) Cloud Computing Security Requirements Guide (CC SRG) based on the guidance of the Federal Information Systems Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37. The DoD CC SRG applies a FedRAMP+ concept by accepting the security work carried out during the FedRAMP process via reciprocity, then adding specific requirements and security controls that meet the special needs of the DoD.

Impact Level Chart

Security Characteristics by DoD Impact Level

The DoD CC SRG defines the security characteristics for each IL:

  • IL2 — IL2 includes Public or Non-Critical Mission Information

  • IL4— IL4 includes Controlled Unclassified Information (CUI) (e.g. For Official Use Only (FOUO), Personally Identifiable Information (PII), and Personal Health Information (PHI)), Non-Critical Mission Information, and Non-National Security Systems (NSS)

  • IL5 — IL5 includes higher sensitivity CUI, Mission Critical Information, and NSS. IL5 exists within a narrow category between IL4 and IL6, but it is distinguishable by the inclusion of NSS.

  • IL6 — IL6 includes information systems and information classified SECRET DoD ILs are useful labels for a comprehensive security categorization system. They allow DoD information system owners and managers to quickly identify the security criticality of information systems and their associated information, and determine the minimum security measures necessary for handling that system.

Impact Level 5 (IL5) Compliance Requirements

IL5 includes higher sensitivity Controlled Unclassified Information (CUI), Mission-Critical Information, and information specific to National Security Systems (NSS). You must satisfy certain requirements to access this IL and deploy applications.

Important

The Compliance Requirements section below references links to Platform One articles that you must read to gain a complete understanding of the IL5 access requirements. More specifically, this required reading material resides in an IL4 environment. Therefore, you must have IL4 access, and you must have a government access card such as a Common Access Card (CAC), External Certification Authority (ECA), or a Personal Identity Verification (PIV) card. Without these IL4 credentials, you will be unable to access the reading material hosted in IL4. The IL4 documentation provides insight that you must leverage to ensure alignment with the IL5 compliance requirements. Adherence to these requirements allows you to proceed to IL5 and deploy applications.

To obtain IL5 access, you first must navigate to the Platform One sites referenced below and comply with the instructions on each:

  • Establish a Platform One Single Sign-On account via these instructions.
  • Follow these instructions for Appgate SDP installation instructions.
  • Ensure you have a government access card which has been configured to your Platform One Single Sign-On account. For additional information, read this guidance.
  • Utilize this guidance on executing hardening scripts, which ensures your device passes the necessary compliance checks required for IL5 access. Your device must be (at minimum) 80% compliant.

After you satisfy the above-mentioned compliance requirements, you will be eligible for IL5 access. Other configurations will be required. For example, our engineers will need to ensure you have been added to the appropriate application groups.

If you have questions or need additional information, contact our Customer Operations team for guidance.

Game Warden Environments

Development (DEV)

Your first deployment is to the Game Warden Development (DEV) environment which is hosted at IL2. DEV IL2 houses non-classified data with generally open access policies. As such, Game Warden customer engineering teams have access to this environment. Our engineers commonly access DEV IL2 to configure the environment and ensure your application functions as designed.

Staging (STG)

After the initial stages of onboarding, our engineers deploy your application to the Staging (STG) environment. The IL of the STG environment is contingent upon your intended PRD environment IL - if your goal is to deploy your application to production at IL4, your STG environment will be IL4. Depending on the IL, limited persons may have access to the source code in this environment. In staging, engineers usually perform application-level tasks and, again, must ensure your application continues to function properly. Extensive testing is performed at this juncture.

IL4+ Access

For access to IL4 and higher environments, your team must perform the following:
- Obtain a Government Access Card
- Download and configure Appgate SDP
- For IL5 access, run hardening scripts on your local machine

Production (PRD)

Upon testing completion, our engineers deploy your application to the Production (PRD) environment. This is a live environment, accessible to your users, at the IL of your choosing.

The Game Warden engineers can deploy applications to IL4 and IL5 (IL6 is on the roadmap), using additional security controls for higher levels of access.

If you are authorized at the appropriate IL for your endpoint, you should be granted access.