Email this Article Email   

CHIPS Articles: DISA Releases New Cloud Security Requirements Guide

DISA Releases New Cloud Security Requirements Guide
By DISA News - January 14, 2015
FORT GEORGE G. MEADE, Md. – A new Cloud Computing Security Requirements Guide was released today by the Defense Information Systems Agency to provide guidance and policy to commercial Cloud Service Providers and mission partners in the Department of Defense as they explore cloud computing options.

"The SRG is designed to ensure that DoD can attain the full economic and technical advantages of using the commercial cloud without putting the department’s data and missions at risk," said Mark Orndorff, DISA Risk Management Executive.

The Cloud Computing SRG establishes the DoD security objectives to host DoD missions up to and including SECRET on commercial service offerings. Missions above SECRET must follow existing applicable DoD policies and are not covered by the SRG.

The SRG incorporates, supersedes, and rescinds the previously published Cloud Security Model and applies to all CSP offerings, regardless of who owns or operates the environments.

The Cloud Computing SRG serves several purposes:

  • Provides security requirements and guidance to non-DoD owned and operated CSPs that wish to have their service offerings included in the DoD Cloud Service Catalog.
  • Establishes a basis on which DoD will assess the security posture of a non-DoD CSP's service offering, supporting the decision to grant a DoD Provisional Authorization that allows a non-DoD CSP to host DoD missions.
  • Defines the policies, requirements, and architectures for the use and implementation of commercial cloud services by DoD Mission Owners.
  • Provides guidance to DoD Mission Owners and Assessment and Authorization officials (formerly Certification and Accreditation) in planning and authorizing the use of a CSP.

The SRG is posted on the IASE website: http://http://iase.disa.mil/Pages/index.aspx.

Visit the DISA website: www.disa.mil.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer