Impact Levels¶
Impact Levels (ILs) are Department of Defense (DoD)-established categories that designate the level of information sensitivity and access. As the numeric value of an IL increases, so does the level of security.
There are four ILs:
Game Warden Environments¶
Your first deployment is to the Game Warden Development (DEV) environment which is hosted at IL2. DEV IL2 houses non-classified data with generally open access policies. As such, Game Warden customer engineering teams have access to this environment. Our engineers commonly access DEV IL2 to configure the environment and ensure your application functions as designed.
Info
Any environment at IL4 or higher can only be accessed with a Government Access Card
After the initial stages of onboarding, our engineers deploy your application to the Staging (STG) environment. The IL of the STG environment is contingent upon your intended PRD environment IL - if your goal is to deploy your application to production at IL4, your STG environment will be IL4. Depending on the IL, limited persons may have access to the source code in this environment. In staging, engineers usually perform application-level tasks and, again, must ensure your application continues to function properly. Extensive testing is performed at this juncture.
Upon testing completion, our engineers deploy your application to the Production (PRD) environment. This is a live environment, accessible to your users, at the IL of your choosing.
The Game Warden engineers can deploy applications to IL4 and IL5 (IL6 is on the roadmap), using additional security controls for higher levels of access.
You can self-register to access Game Warden-hosted application endpoints in IL4+. Anyone with a P1 SSO account who is authorized for the endpoint’s Impact Level should have access.
To register:
- Obtain a Government Access Card.
- Create P1 SSO account.
- Download and configure AppGate as needed.
- Test AppGate by trying to access the desired application endpoint.
If you are authorized at the appropriate IL for that endpoint, you should be granted access.
Impact Levels and FedRAMP¶
What is FedRAMP?
FedRAMP is a set of standards cloud providers must follow to gain authorization to work with federal agencies.
FedRAMP also employs "impact levels" to designate security levels cloud service provders (CSP) must meet to be in compliance (FedRAMP Low, Moderate, and High). DoD Impact Levels are used for CSPs that will handle government data. The two can be roughly mapped per the following:
- IL2 maps to FedRAMP Moderate
- IL4/5 maps to FedRAMP High
Data Spillage¶
Data Spillage is the unauthorized process of moving data from a higher IL to a lower one, accidentally, intentionally, or otherwise. More specifically, data spillage involves transferring Classified information or Controlled Unclassified Information (CUI) to an area void of the necessary security to protect this data or information.
Suspected Spillage
If you suspect spillage may have occurred, contact the Game Warden Security team at gamewardensecurity@secondfront.com
Data Spillage Prevention¶
To prevent data spillage:
- Align your actions with the standard protocols for moving data to/from external agencies.
- Do not store sensitive information in shared environments, unless there are security measures in place that solely permit authorized/need-to-know persons with access to these environments.
- Store sensitive data ONLY on authorized information systems.
- Do not breach classification borders.
- Make certain all information recipients have the required clearances/need-to-know access before sending information via email.
- Use Department of Defense (DoD) Secure Access File Exchange (SAFE)/encryption to send Personally Identifiable Information (PII), Protected Health Information (PHI), and other Controlled Unclassified Information (CUI), as required by the DoD.
- Do not store sensitive data on non-sensitive systems.
- ASK if you are uncertain if/how data should be transferred.