Skip to content
Log In

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000438

    Group
    Show

  • The Mission Owner of the Infrastructure as a Service (IaaS) or Platform as a Service (PaaS) must remove all upgraded or replaced software and firmware components that are no longer required for operation.

    Adversaries may exploit previous versions of software components that are not removed from the information system after updates have been installed. Some information technology products may remove ...
    Rule Medium Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • The Mission owner must obtain Authorizing Official (AO) authorization for each cloud service offering (CSO) implemented in support of production or development environments prior to operational use.

    The Mission Owner must choose a CSO that fits the operational needs and also has a DOD Provisional Authorization (PA) at the information Impact Level corresponding to the categorization of the info...
    Rule Medium Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • The Mission Owner must select and configure an Impact Level 2 FedRAMP authorized cloud service offering (CSO) when hosting unclassified, publicly releasable DOD information.

    FedRAMP Moderate is the minimum security baseline for all DOD cloud services. Components and Mission Owners may host unclassified, publicly releasable DOD information on FedRAMP Moderate approved c...
    Rule Medium Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • The Mission Owner must select and configure an Impact Level 4/5 cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog when hosting Controlled Unclassified Information (CUI).

    Impact Level 4 accommodates Controlled Unclassified Information (CUI). This information must be protected from unauthorized disclosure. Designating information as CUI is the responsibility of the d...
    Rule High Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • The Mission Owner must select and configure an Impact Level 5 cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog when hosting Unclassified National Security Information (U-NSI).

    U-NSI must be housed on an Impact Level 5 CSO. This is Unclassified National Security Systems (NSS) information and data. This is because NSS-specific security requirements are included in FedRAMP+.
    Rule High Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • The Mission Owners must select and configure a cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog at Level 6 when hosting classified DOD information.

    Impact Level 6 is reserved for the storage and processing of classified information. Impact Level 6 information up to the SECRET level must be stored and processed in a dedicated cloud infrastructu...
    Rule High Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • The Mission Owner must add all applicable compensating controls and requirements in the Service Level Agreement (SLA)/contract with the cloud service provider (CSP) or third-party provider.

    The Mission Owner may tailor the SLA/contract to include any of the controls in the Cloud Computing Mission Owner SRG Overview, Table-3-1, beyond the FedRAMP and DOD Baseline and FedRAMP+ security ...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules