DOD Cloud Security Act

DOD Cloud Security Act - Directs the Comptroller General to: (1) review and summarize the best practices relating to cloud security by reviewing the practices of other federal agencies and commercial cloud providers, (2) assess the cloud capacity of the Department of Defense (DOD) and other departments by assessing how and to what extent DOD has adopted commercial cloud practices, and (3) assess the opportunities for DOD to utilize cloud computing in lieu of or in addition to conventional computing.

Requires the Chief Information Officer of DOD to: (1) determine the security requirements that are necessary for any cloud service to store DOD information; (2) conduct a threat-based assessment of whether security controls resident in commercial cloud services and the cloud services of other federal agencies meet DOD's security requirements; (3) require any government-owned, operated, or unique system that is or will be designed to provide cloud capabilities for DOD to be certified and accredited through the same process used for commercial service providers; (4) ensure that, as part of any DOD pilot demonstrations with commercial cloud vendors, an analysis is conducted of the Defense Information Systems Agency working with commercial service providers operating for DOD; and (5) ensure that a briefing is provided to specified congressional committees within 30 days after the conclusion of such pilot demonstrations.