Cloud Computing Mission Owner Operating System Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
The Mission owner must obtain Authorizing Official (AO) authorization for each cloud service offering (CSO) implemented in support of production or development environments prior to operational use.
<VulnDiscussion>The Mission Owner must choose a CSO that fits the operational needs and also has a DOD Provisional Authorization (PA) at the ...Rule Medium Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
The Mission Owner must select and configure an Impact Level 2 FedRAMP authorized cloud service offering (CSO) when hosting unclassified, publicly releasable DOD information.
<VulnDiscussion>FedRAMP Moderate is the minimum security baseline for all DOD cloud services. Components and Mission Owners may host unclassi...Rule Medium Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
The Mission Owner must select and configure an Impact Level 4/5 cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog when hosting Controlled Unclassified Information (CUI).
<VulnDiscussion>Impact Level 4 accommodates Controlled Unclassified Information (CUI). This information must be protected from unauthorized d...Rule High Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
The Mission Owner must select and configure an Impact Level 5 cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog when hosting Unclassified National Security Information (U-NSI).
<VulnDiscussion>U-NSI must be housed on an Impact Level 5 CSO. This is Unclassified National Security Systems (NSS) information and data. Thi...Rule High Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
The Mission Owners must select and configure a cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog at Level 6 when hosting classified DOD information.
<VulnDiscussion>Impact Level 6 is reserved for the storage and processing of classified information. Impact Level 6 information up to the SEC...Rule High Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
The Mission Owner must add all applicable compensating controls and requirements in the Service Level Agreement (SLA)/contract with the cloud service provider (CSP) or third-party provider.
<VulnDiscussion>The Mission Owner may tailor the SLA/contract to include any of the controls in the Cloud Computing Mission Owner SRG Overvie...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.