The Mission Owner must select and configure an Impact Level 5 cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog when hosting Unclassified National Security Information (U-NSI).

An XCCDF Rule

Description

<VulnDiscussion>U-NSI must be housed on an Impact Level 5 CSO. This is Unclassified National Security Systems (NSS) information and data. This is because NSS-specific security requirements are included in FedRAMP+.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259886r959010_rule
Severity: High
References: CCI-000366
Updated: 17 days ago

This applies to Impact Level 5.
FedRAMP High.

For U-NSI information, select and configure a CSO listed in the DISA PA DOD Cloud Catalog for use with Impact Level 5.

Specify in the Service Level Agreement (SLA) with the CSP and any third-party providers compliance with applicable STIG configurations.

The Mission Owner must select and configure an Impact Level 5 cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog when hosting Unclassified National Security Information (U-NSI).

Description

Remediation - Manual Procedure