Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Resources
Documents
Publishers
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Cloud Computing Mission Owner Operating System Security Requirements Guide
SRG-OS-000001
SRG-OS-000001
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-OS-000001
1 Rule
The Mission Owner must configure the customer service portal credentials for least privilege.
High Severity
The Mission Owner must appoint specific individuals or entities to establish plans and policies for the control of privileged user access (including root account credentials) used to establish, configure, and control a Mission Owner's Virtual Private Cloud (VPC) configuration once connected to the DISA Information Systems Network (DISN). These individuals or entities establish and manage accounts and credentials used by privileged DOD users and systems to administer and control DOD cloud service offering configurations. This role is intended to operate at all DOD information Impact Levels. However, it may not apply to some Software-as-a-Service (SaaS) solutions where DOD account owners are not required to use the cloud service provider's (CSP's) Identity and Access Management (IdAM) system to administer user accounts and service configurations.