The Mission Owners must select and configure a cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog at Level 6 when hosting classified DOD information.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-259887 | SRG-OS-000480 | SRG-OS-000480-CLD-000033 | SV-259887r959010_rule | 2024-12-19 | 1 |
| Description |
|---|
| Impact Level 6 is reserved for the storage and processing of classified information. Impact Level 6 information up to the SECRET level must be stored and processed in a dedicated cloud infrastructure located in facilities approved for the processing of classified information, rated at or above the highest level of classification of the information being stored and/or processed. |
| ℹ️ Check |
|---|
| If the implementation is categorized as Impact Level 2–5, this is not applicable. Review the approval documentation and the DISA PA Cloud Catalog. Verify the CSO is listed in the DISA PA DOD Cloud Catalog. Verify the CSO is listed in the DISA PA DOD Cloud Catalog at Level 6 when hosting classified DOD information. If classified DOD information is being hosted in the Infrastructure as a Service (IaaS)/Platform as a Service (PaaS) and the CSO is not listed in the DISA PA DOD Cloud Catalog, Impact Level 6, this is a finding. |
| ✔️ Fix |
|---|
| This applies to Impact Level 6. FedRAMP Moderate, High. Configure a cloud service offering listed in the DISA PA DOD Cloud Catalog for use with Impact Level 6 when hosting classified DOD information. Specify in the Service Level Agreement (SLA) with the CSP and third-party providers compliance with applicable STIG configurations. |