The Defense Information Systems Agency (DISA) is an agency of the US Department of Defense (DoD) that is responsible for developing and maintaining the DoD Cloud Computing Security Requirements Guide (SRG). The SRG defines the baseline security requirements used by DoD to assess the security posture of a cloud service provider (CSP), supporting the decision to grant a DoD Provisional Authorization (PA) that allows a CSP to host DoD missions. It incorporates, supersedes, and rescinds the previously published DoD Cloud Security Model (CSM) and maps to the DoD Risk Management Framework (RMF).

DISA guides DoD agencies and departments in planning and authorizing the use of a CSP. It also evaluates CSP offerings for compliance with the SRG, an authorization process whereby CSPs can furnish documentation outlining their compliance with DoD standards. It issues DoD Provisional Authorizations (PAs) when appropriate, so DoD agencies and supporting organizations can use cloud services without having to go through a full approval process on their own, saving time and effort.

According to SRG Section 3.2 Information Impact Levels, IL5 information covers:

- Controlled Unclassified Information (CUI) that requires higher level of protection than that afforded by IL4

The CUI Registry provides specific categories of information that is under protection by the Executive branch, for example, more than 20 category groupings are included in the CUI category list.

NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations is intended for use by federal agencies in contracts or other agreements established with non-federal organizations.

NIST SP 800-59 Guideline for Identifying an Information System as a National Security System provides definitions of NSS.

CNSSI 1253 Security Categorization and Control Selection for National Security Systems provides guidance on the security standards that federal agencies should apply to categorize national security information.

The 15 December 2014 DoD CIO memo regarding Updated Guidance on the Acquisition and Use of Commercial Cloud Computing Services states that 'FedRAMP will serve as the minimum security baseline for all DoD cloud services'.