The Mission Owners must select and configure a cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog at Level 6 when hosting classified DOD information.

An XCCDF Rule

Description

<VulnDiscussion>Impact Level 6 is reserved for the storage and processing of classified information. Impact Level 6 information up to the SECRET level must be stored and processed in a dedicated cloud infrastructure located in facilities approved for the processing of classified information, rated at or above the highest level of classification of the information being stored and/or processed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259887r959010_rule
Severity: High
References: CCI-000366
Updated: 17 days ago

This applies to Impact Level 6.
FedRAMP Moderate, High.

Configure a cloud service offering listed in the DISA PA DOD Cloud Catalog for use with Impact Level 6 when hosting classified DOD information. 

Specify in the Service Level Agreement (SLA) with the CSP and third-party providers compliance with applicable STIG configurations.

The Mission Owners must select and configure a cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog at Level 6 when hosting classified DOD information.

Description

Remediation - Manual Procedure