New Cloud Computing Security Requirements Guide – Part II

February 17, 2015 By David

Grazed from CCSKGuide. Author: Editorial Staff.

The DoD’s new Cloud Computing Security Requirements Guide (SRG), released by the Defense Information Systems Agency (DISA), replaces their previous Cloud Security Model. The guide outlines an overall “security posture” that directs cloud service providers (CSPs) seeking to work with the DoD. This article is a continuation of a previous one, which introduced the four new information impact levels. Here, we will examine the DoD process of risk assessment of cloud service offerings, as defined by the SRG.

Risk Assessment Process

Shifting to cloud computing means that risk management processes must change as well. The goal is to address requirements and controls, relative to the criticality of DoD information in the external cloud, in a cost-effective way. At the same time, the goal is also to assure the security of DoD core missions and networks in accordance with the DoD RMF…

To support the relationship of missions to cloud capabilities, the DoD has defined information impact levels (discussed in the previous article), which broadly align to the criticality and sensitivity of the data and missions that would operate in the cloud…

Read more from the source @ http://ccskguide.org/new-cloud-computing-security-requirements-guide-part-ii/