Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-259887 | SRG-OS-000480-CLD-000033 | SV-259887r959010_rule | | High |
Description |
---|
Impact Level 6 is reserved for the storage and processing of classified information. Impact Level 6 information up to the SECRET level must be stored and processed in a dedicated cloud infrastructure located in facilities approved for the processing of classified information, rated at or above the highest level of classification of the information being stored and/or processed. |
STIG | Date |
---|---|
Cloud Computing Mission Owner Operating System Security Requirements Guide | 2024-06-13 |
Check Text (C-63618r945647_chk) |
---|
If the implementation is categorized as Impact Level 2–5, this is not applicable. Review the approval documentation and the DISA PA Cloud Catalog. Verify the CSO is listed in the DISA PA DOD Cloud Catalog. Verify the CSO is listed in the DISA PA DOD Cloud Catalog at Level 6 when hosting classified DOD information. If classified DOD information is being hosted in the Infrastructure as a Service (IaaS)/Platform as a Service (PaaS) and the CSO is not listed in the DISA PA DOD Cloud Catalog, Impact Level 6, this is a finding. |
Fix Text (F-63525r945648_fix) |
---|
This applies to Impact Level 6. FedRAMP Moderate, High. Configure a cloud service offering listed in the DISA PA DOD Cloud Catalog for use with Impact Level 6 when hosting classified DOD information. Specify in the Service Level Agreement (SLA) with the CSP and third-party providers compliance with applicable STIG configurations. |