For Impact Levels 4 and 5, the Mission Owner must register all cloud-based services, their CSP/CSO, and connection method in the DISA Systems/Network Approval Process (SNAP) database Cloud Module.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-259877	SRG-OS-000368-CLD-000040	SV-259877r958804_rule		Medium

Description
Register all cloud-based systems and applications, including the cloud service provider (CSP)/cloud service offering (CSO) name, Mission Cyberspace Defense (MCD), and connection method in the DISA SNAP database Cloud Module. SNAP registration will enable cloud services to be connected to the DISA Information Systems Network (DISN) and is crucial for situational awareness. SNAP registration documentation must include designating a certified cybersecurity service provider (CSSP) as the Tier 2 Computer Network Defense (CND). If applicable, the IP address of the cloud service must be configured in accordance with the Mission Owner's IP registration in SNAP so they do not repurpose an already registered IP for new services without updating the SNAP registration. SNAP: https://snap.dod.mil/gcap/home.do Connection Approval: https://www.disa.mil/Network-Services/Enterprise-Connections/Connection-Approval

Description

Register all cloud-based systems and applications, including the cloud service provider (CSP)/cloud service offering (CSO) name, Mission Cyberspace Defense (MCD), and connection method in the DISA SNAP database Cloud Module. SNAP registration will enable cloud services to be connected to the DISA Information Systems Network (DISN) and is crucial for situational awareness. SNAP registration documentation must include designating a certified cybersecurity service provider (CSSP) as the Tier 2 Computer Network Defense (CND). If applicable, the IP address of the cloud service must be configured in accordance with the Mission Owner's IP registration in SNAP so they do not repurpose an already registered IP for new services without updating the SNAP registration. SNAP: https://snap.dod.mil/gcap/home.do Connection Approval: https://www.disa.mil/Network-Services/Enterprise-Connections/Connection-Approval

STIG	Date
Cloud Computing Mission Owner Operating System Security Requirements Guide	2024-06-13

Details

Check Text ( C-63608r945617_chk )
If this is a Software as a Service (SaaS) Impact Level 2 implementation, this is not applicable. Verify the CSP's cloud service offering is registered in SNAP for the connection approval, and it is the one being used in the cloud management portal. If the IP address registered in SNAP is not configured for use with the approved cloud environment, this is a finding.

Fix Text (F-63515r945618_fix)
This applies to Impact Levels 4 and 5. FedRAMP Moderate, High. Register the Infrastructure as a Service (IaaS)/Platform as a Service (PaaS) CSP's cloud service offering in SNAP for the connection approval. Register the IP address that the cloud service offering uses for the cloud management portal.