The CC SRG outlines the security model by which DoD will leverage cloud computing along with the security controls and requirements necessary for using cloud-based solutions. It applies to DoD provided cloud services and those provided by commercial Cloud Service Providers (CSPs)/DoD contractors on behalf of the Department. Download the CC SRG from the document library.
The audience for the CC SRG includes:
- Commercial and non-DoD Federal Government CSPs
- DoD programs operating as a CSP
- DoD Components and Mission Owners using, or considering the use of, commercial/non-DoD and DoD cloud computing services
- DoD risk management assessment officials and Authorizing Officials (AOs)
DoD Cloud computing policy and the CC SRG is constantly evolving based on lessons learned with respect to the authorization of Cloud Service Offerings and their use by DoD Components. As such the CC SRG is following an “Agile Policy Development” strategy and will be updated quickly when necessary. In support of this strategy, DISA is offering a continuous public review option by accepting comments on the current version of the CC SRG at any time. We would appreciate it if your comments are limited to critical issues and omissions or recommended coverage topics.
Submit all comment matrices and questions to firstname.lastname@example.org