STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Cloud Computing Mission Owner Operating System Security Requirements Guide

V-259883

CAT II (Medium)

The Mission owner must obtain Authorizing Official (AO) authorization for each cloud service offering (CSO) implemented in support of production or development environments prior to operational use.

Rule ID

SV-259883r959010_rule

STIG

Cloud Computing Mission Owner Operating System Security Requirements Guide

Version

V1R3

CCIs

CCI-000366

Discussion

The Mission Owner must choose a CSO that fits the operational needs and also has a DOD Provisional Authorization (PA) at the information Impact Level corresponding to the categorization of the information to be processed or stored in the CSO. The PA and supporting documentation must then be leveraged by the Mission Owner's AO in granting the required Authority to Operate (ATO) for the mission system operating within the cloud.

Check Content

Review the approval documentation. Verify the ATO indicates the component level AO has authorized the use of the CSO.

If the Mission Owner's AO has not authorized the use of the CSO, this is a finding.

Fix Text

This applies to all Impact Levels.
FedRAMP Moderate, High.

Obtain AO authorization for each CSO implemented in support of production or development environments prior to operational use.