Skip to main content
Stephanie Bartlett | Mar 12, 2024

What Is DoD IL4 Authorization & Why Does It Matter?

For the Department of Defense (DoD), the availability, confidentiality and integrity of sensitive data is a top priority.  The advancement of cybersecurity risk can present major risks to individuals, businesses and governments alike.  Given that risk, having good information security and a robust cyber security posture is imperative.  Designations such as DoD Impact Level 4 (DoD IL4) authorization are therefore important for technology solutions being used by government agencies.

In this blog post, we’ll give an overview of DoD IL4 authorization and why it matters to government agencies when they evaluate cloud solutions.

What Is DoD IL4 Provisional Authorization?

The Defense Information Systems Agency (DISA) serves as the information technology combat support agency for the DoD.  More specifically, DISA provides critical guidance to cloud service providers for hosting DoD information and systems.  DISA’s rigorous security evaluations help government agencies make informed decisions when evaluating cloud service offerings.

As a core responsibility, DISA develops and maintains the baseline security requirements used by the DoD to assess the security of a cloud service offering.  DISA defines the DoD Impact Levels, the security guidelines for each and the requirements that must be followed.  In turn, those requirements ensure the confidentiality, integrity and availability of sensitive information.

DISA defines four Impact Levels:  IL2, IL4, IL5 and IL6.  For each increasing level, more robust standards exist based on two factors.  The first is the sensitivity of the information to be stored or processed.  The second is the potential impact of an event resulting in the loss of confidentiality, integrity or availability of information (see Figure 1).

Figure 1:  DoD Impact Level Definitions

The DoD IL4 recognition proves the cloud service offering meets security requirements for processing and storing non-public, unclassified data, including controlled unclassified information (CUI).  With such data, the unauthorized disclosure of information can have a serious adverse effect on organizational operations and assets, or individuals.

Although DoD IL4 does not contain classified data or data associated with national security, substantial safeguards are still required.  These safeguards include access controls, identification and authentication, encryption, auditing, and monitoring.

Why Is DoD IL4 Authorization Important for Federal Government Agencies?

In general, software that receives DoD IL4 authorization offers several key benefits for DoD organizations seeking to leverage cloud-based solutions to meet operational needs.

IL4-authorized software includes the following benefits:

  1. Security Assurance:  Undergoes rigorous security assessments and meets extensive security requirements set by the DoD to ensure the software has robust security features and controls in place to protect sensitive information.
  2. Mission Support:  Provides confidence for hosting and processing mission-critical applications and workloads that involve sensitive DoD information.
  3. Interoperability:  Promotes interoperability and compatibility among different DoD systems, platforms and environments – allowing for integration and data exchange between IL4-authorized applications and other DoD components to facilitate collaboration and information-sharing across the enterprise.
  4. Trust and Confidence:  Gives assurance to DoD stakeholders that the software meets the DoD’s rigorous security standards and requirements, enhancing trust and confidence in the software’s ability to ensure the integrity and confidentiality of data.
  5. Efficiency and Cost Savings:  Helps DoD organizations streamline operations, improve efficiency and achieve long-term cost savings by reducing the risk of security incidents and associated remediation costs.

OneStream and DoD IL4 Authorization

OneStream Software is proud to have received DoD IL4 provisional authorization.  When seeking secure cloud solutions that meet federal standards, federal agencies require this important qualification to ensure good information security.

This recognition signifies that OneStream Software meets the security requirements for the processing and storage of controlled unclassified information.

With this authorization, OneStream provides DoD agencies with a robust platform solution for financial consolidation, reporting, planning, analysis and data quality at a heightened security level.

OneStream thus ultimately enables agencies to accelerate and simplify planning processes across the Budget and Finance Offices.  By modernizing back-office operations, federal agencies can better navigate increasing resource costs, optimize funding allocations and advance mission outcomes (see Figure 2).

Figure 2:  OneStream Federal Dashboard Example

At OneStream, we believe security and compliance are critical, so we are committed to providing a secure and reliable platform for our customers.  DoD IL4 marks the latest addition to OneStream’s compliance portfolio, including FedRAMP status Moderate.


DISA plays a crucial role in supporting the needs of the DoD and maintains high standards to ensure security, compliance and mission readiness for cloud environments.  When evaluating software, federal government agencies should understand DISA’s Impact Levels and how they can support agency missions to ensure confidence in selecting software that meets agency requirements.

Learn More

Learn more about how OneStream’s platform uniquely empowers government agencies to plan with confidence and best serve their missions at

Learn More

Get Started With a Personal Demo

Hundreds of organizations have made the leap from spreadsheets and legacy CPM applications to OneStream and never looked back. Join the revolution!
Demo Sign Up