Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Cloud Computing Mission Owner Operating System Security Requirements Guide
SRG-OS-000368
SRG-OS-000368
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-OS-000368
1 Rule
<GroupDescription></GroupDescription>
For Impact Levels 4 and 5, the Mission Owner must register all cloud-based services, their CSP/CSO, and connection method in the DISA Systems/Network Approval Process (SNAP) database Cloud Module.
Medium Severity
<VulnDiscussion>Register all cloud-based systems and applications, including the cloud service provider (CSP)/cloud service offering (CSO) name, Mission Cyberspace Defense (MCD), and connection method in the DISA SNAP database Cloud Module. SNAP registration will enable cloud services to be connected to the DISA Information Systems Network (DISN) and is crucial for situational awareness. SNAP registration documentation must include designating a certified cybersecurity service provider (CSSP) as the Tier 2 Computer Network Defense (CND). If applicable, the IP address of the cloud service must be configured in accordance with the Mission Owner's IP registration in SNAP so they do not repurpose an already registered IP for new services without updating the SNAP registration. SNAP: https://snap.dod.mil/gcap/home.do Connection Approval: https://www.disa.mil/Network-Services/Enterprise-Connections/Connection-Approval</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>