Oracle Launches Secure Cloud Computing Architecture (SCCA) for Brokers and Integrators Serving the U.S. Department of Defense

Oracle today announced the launch of a new version of the Oracle Cloud Native SCCA Landing Zone for centralized IT teams, or their partners, to manage SCCA-compliant implementations for multiple customers and systems. Using a framework of cloud native services, the landing zone automates the process of building an SCCA-compliant architecture for the U.S. Department of Defense (DoD) Impact Level 2, 4, and 5 (IL2, IL4, IL5) workloads, saving significant time building secure systems in the cloud. DoD agencies, and the Managed Service Providers (MSPs) and systems integrators serving them can use the solution to achieve higher security and compliance standards, while making cloud adoption easier, faster, and more cost effective.

SCCA is a DoD security framework designed to provide a standard approach for boundary and application-level security for the DoD data hosted in commercial cloud environments. Historically, SCCA compliance has required significant investment from DoD mission owners, often requiring independent development efforts and third-party software licensing. The cost and time needed to build an SCCA-compliant architecture are significant obstacles for DoD technology modernization.

Available for Oracle customers at no extra charge, the Oracle Cloud Native SCCA Landing Zone solution includes baseline configurations and rules that are delivered using a standardized Infrastructure-as-Code to meet SCCA controls in an automated and repeatable way. Based on Terraform, landing zones allow users to perform one click, best practice deployments of multiple Oracle services at once. Customers can launch the landing zone, answer a few simple questions about their configuration, and have an architecture set up that same day.

"Some missions can wait. Yours can't. Our enhanced cloud native SCCA landing zone allows mission technology, centralized IT teams, or their partners, to rapidly build and manage SCCA-compliant implementations for dozens or hundreds of customer systems," said Rand Waldron, vice president, Oracle, Sovereign Cloud. "This exponentially accelerates the DoD's path to cloud. IL5 cloud should be low cost, full service, and easy to use in a secure and compliant way."

The solution addresses the four primary technical components of the SCCA framework: Cloud Access Point (CAP), Virtual Data Center Security Stack (VDSS), Virtual Data Center Management Stack (VDMS), and Trusted Cloud Credential Manager (TCCM). Customers who deploy the secure baseline using the Cloud Native SCCA Landing Zone are provided with an architecture guide, implementation guide, requirements checklist, reference architecture, and best practices to accelerate the accreditation of their application on Oracle Cloud Infrastructure (OCI).

The enhanced version of the SCCA landing zone allows mission owners to share core components like the VDSS and VDMS, while keeping their data isolated. This reduces the cost of the deployment, standardizes the security approach across entire system portfolios, and simplifies the deployment of workloads. The landing zone also provides a unique active-active disaster recovery (DR) capability that creates a resilient platform with 3 DoD IL5 accredited regions to choose from for a low latency architecture that provides robust continuity of operations.

Learn more about the variety of Oracle Landing Zones available to all OCI customers here.

Additional Resources

• Oracle Cloud Native SCCA Landing Zone
• Oracle Cloud for US Defense and Intelligence
• OCI SCCA GitHub