The Defense Information Systems Agency has approved and released the Cloud Computing Security Requirements Guide, or SRG, for cloud service providers looking to offer services to Department of Defense mission owners.
DISA said Friday the guide, which the security controls and requirements necessary for CSPs to , is downloadable from the DOD Cyber Exchange website or at the Cyber Exchange public webpage.
The Cloud Service Provider SRG reflects the transition to NIST 800-53 Rev 5 and focuses on CNSSP-32 for National Security Systems requirements.
It has a DOD mission owners document, which underscores their responsibilities, and a CSP document, which focuses on the cloud service providers’ requirements.
DOD’s cloud computing policy and the SRG follow an agile development strategy, resulting in the guidelines’ constant evolution based on learnings on authorizations of cloud service offerings. DISA supports the strategy through a continuing public review, wherein it accepts comments focusing on vital issues, including coverage recommendations.