The Mission Owner must select and configure an Impact Level 5 cloud service offering (CSO) listed in the DISA Provisional Authorization (PA) DOD Cloud Catalog when hosting Unclassified National Security Information (U-NSI).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-259886 | SRG-OS-000480-CLD-000032 | SV-259886r959010_rule | High |
| Description |
| U-NSI must be housed on an Impact Level 5 CSO. This is Unclassified National Security Systems (NSS) information and data. This is because NSS-specific security requirements are included in FedRAMP+. |
| STIG | Date |
| Cloud Computing Mission Owner Operating System Security Requirements Guide | 2024-12-19 |
Details
| Check Text (C-63617r945644_chk) |
| If the implementation is categorized as Impact Level 2, 4, or 6, this is not applicable. Review the approval documentation and the DISA PA Cloud Catalog. For clouds hosting U-NSI information, verify the CSO is listed as Impact Level 5. If U-NSI is being hosted in the Infrastructure as a Service (IaaS)/Platform as a Service (PaaS) and the CSO is not listed in the DISA PA DOD Cloud Catalog as Impact Level 5, this is a finding. |
| Fix Text (F-63524r945645_fix) |
| This applies to Impact Level 5. FedRAMP High. For U-NSI information, select and configure a CSO listed in the DISA PA DOD Cloud Catalog for use with Impact Level 5. Specify in the Service Level Agreement (SLA) with the CSP and any third-party providers compliance with applicable STIG configurations. |