STIGhub

V-259864

CAT I (High)

The Mission Owner's internet-facing applications must be configured to traverse the Cloud Access Point (CAP) and Virtual Datacenter Security Stack (VDSS) prior to communicating with the internet.

Rule ID

SV-259864r945580_rule

STIG

Cloud Computing Mission Owner Network Security Requirements Guide

Version

V1R2

CCIs

CCI-001097

Discussion

The CAP and VDSS architectures mitigate potential damages to the Defense Information Systems Network (DISN) and provide the ability to detect and prevent an attack before it reaches the DISN. All traffic bound for the internet will traverse the BCAP/ICAP and IAP. Mission applications may be internet facing; internet-facing applications can be unrestricted or restricted (requiring CAC authentication). DOD users on the internet may first connect to their assigned DISN Virtual Private Network (VPN) before accessing Mission Owner enclave or private applications.

Check Content

If this is a Software as a Service (SaaS), this is not a finding.

If Impact Level 2, but the cloud service provider (CSP) has control over the environment, this is not a finding.

Verify that virtual internet-facing applications are configured to traverse the CAP and VDSS prior to communicating with the internet.

If virtual internet-facing applications permit direct access to the CSP or the internet, this is a finding.

Fix Text

This applies to all Impact Levels.
FedRAMP Moderate, High.

Configure virtual internet-facing applications to traverse the CAP and VDSS prior to communicating with the internet.