The Mission Owner must select and configure an Impact Level 5 cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog when hosting Unclassified National Security Information (U-NSI).
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-259886 | SRG-OS-000480 | SRG-OS-000480-CLD-000032 | SV-259886r959010_rule | 2024-12-19 | 1 |
| Description |
|---|
| U-NSI must be housed on an Impact Level 5 CSO. This is Unclassified National Security Systems (NSS) information and data. This is because NSS-specific security requirements are included in FedRAMP+. |
| ℹ️ Check |
|---|
| If the implementation is categorized as Impact Level 2, 4, or 6, this is not applicable. Review the approval documentation and the DISA PA Cloud Catalog. For clouds hosting U-NSI information, verify the CSO is listed as Impact Level 5. If U-NSI is being hosted in the Infrastructure as a Service (IaaS)/Platform as a Service (PaaS) and the CSO is not listed in the DISA PA DOD Cloud Catalog as Impact Level 5, this is a finding. |
| ✔️ Fix |
|---|
| This applies to Impact Level 5. FedRAMP High. For U-NSI information, select and configure a CSO listed in the DISA PA DOD Cloud Catalog for use with Impact Level 5. Specify in the Service Level Agreement (SLA) with the CSP and any third-party providers compliance with applicable STIG configurations. |