From: DOD
Defense Information Systems Agency (DISA) Field Security Operations (FSO) has released the draft Cloud Computing Security Requirements Guide (SRG) Version 1. The SRG provides guidance to CSPs interested in providing cloud services to DoD. Industry is invited to provide comments, recommended changes, and/or additions to the draft SRG by 29 December 2014 on the Comment Matrix spreadsheet. The draft SRG, Release/Comment/TIM memo, and spreadsheet are available at: http://iase.disa.mil/cloud_security/Pages/index.aspx.
FSO will also host a Technical Interchange Meeting (TIM) on 18 December 2014, 0930-1500 hrs EST via DCO and teleconference. The DCO URL and the teleconference number will be distributed to registered participants the day before the TIM. To register your TIM attendance, please email your contact information by 15 December 2014.
TIM Registration and Comment Matrices should be sent via email to: disa.letterkenny.FSO.mbx.stig-info at mail.mil. Include the title and version of the STIG in the subject line of all emails.
NOTE: This is a draft based on current policies which could change, to include virtual separation, clearance requirements, and other control requirements. Two specific areas of interest for industry input are in regard to security and legal considerations that would help alleviate DoD concerns related to virtual separation requirements and commercial approaches to meet the intent of DoD personnel security policies.
Leave a Reply