Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

DoD Cloud Security

DoD CC SRG

DoD CC SRG

Comprehensive consulting, advisory, and implementation services for DoD contractors having to comply with the Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG).

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Learn More

Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG) Consulting and Advisory

Arlington provides comprehensive consulting, advisory, and implementation services for DoD contractors having to comply with the Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG). Per a DoD memorandum put forth in December, 2014, “...For more sensitive DoD unclassified data or missions…[the] DoD has developed cloud security requirements and guidance that go beyond FedRAMP…”.

As such, the Cloud Computing (CC) Security Requirements Guide (SRG) outlines the security model by which DoD will leverage cloud computing, along with the security controls and requirements necessary for using cloud-based solutions. The CC SRG applies to DoD-provided cloud services and those provided by a contractor on behalf of the department, i.e., a commercial cloud service provider or integrator. With Arlington, we offer industry leading cloud security solutions for AWS, Microsoft Azure, Google Cloud, Salesforce, and more.

Purpose and Audience

  • Provides security requirements and guidance to DoD and commercial cloud service providers (CSPs) that want to have their cloud service offerings CSO(s) included in the DoD Cloud Service Catalog.

  • Establishes a basis on which DoD will assess the security posture of a DoD or non-DoD CSP’s CSO, supporting the decision to grant a DoD provisional authorization (PA) that allows a CSP to host DoD missions.

  • Establishes a basis on which a DoD component’s authorizing official (AO) will assess the security posture of a DoD CSP’s CSO, supporting the decision to grant a DoD component’s authorization to operate (ATO) for the CSP/CSO, and a DoD PA if the CSO might be leveraged by other DoD Components. (e.g., DISA’s ATO/PA for milCloud).

  • Defines the requirements and architectures for the use and implementation of DoD or commercial cloud services by DoD mission owners.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Learn More

Related Services

Corresponding Case Studies

How Arlington Can Help with CC SRG Implementation and Compliance

Arlington offers the following advisory services for helping DoD contractors implement all required Cloud Computing (CC) Security Requirements Guide (SRG) measures:

Why Arlington?

Decades of Defense Industry Expertise. Recognized leaders in all things DoD. World-Class Arlington Security Portal (ASP).

Passion. Integrity. Innovation. Impact.

Get Started

System Architecture Design & Development

As a DoD contractor, whether you are building out a specific cloud environment or leveraging the services of a Cloud Service Provider (CSP), it’s critical to understand the overall system architecture, design, and development of such an environment, and its impact on your organization. Arlington offers proven services and solutions for helping DoD contractors understand - and implement - all required technical DoD CC SRG cloud based specifications into their environments.

Security Policies and Procedures

Arlington offers customized information security policy writing services for helping DoD contractors develop all necessary documentation for their cloud environments. A large part of today’s DoD mandated compliance measures require extensive policies and procedures to be in place, and we deliver with our NIST RMF documents that have been developed in accordance with the NIST SP 800 series publications.

Programs, Plans, and other Essential Documentation

DoD contractors operating in the cloud need to have a wide-range of programs and plan specific documents in place, those that go beyond basic policies and procedures. From incident response programs to business continuity plans, insider threat programs - and more - Arlington has the expertise for developing all required documentation for DoD contractors.

Complete Lifecycle of FedRAMP Services

Arlington offers the following FedRAMP services and solutions: (1). Scoping & gap assessments. (2). Documentation & remediation. (3). System Security Plan (SSP) development. (4). 3PAO RFP services for finding you the best assessor. (4). Complete end-to-end project management for the entire FedRAMP process.

Assistance with FedRAMP +

Arlington can also assist with compliance regarding FedRAMP+ - the concept of leveraging the work done as part of the FedRAMP assessment and adding specific security controls and requirements necessary to meet and ensure DoD’s critical mission requirements. A CSP’s CSO can be assessed in accordance with the criteria outlined in the published DoD CC SRG, with the results used as the basis for awarding a DoD provisional authorization.

Continuous Monitoring

Arlington can both develop and implement a comprehensive, yet highly efficient continuous monitoring program as required for cloud computing compliance requirements. Controls have to be regularly inspected and monitored - and corrected - if deficiencies are found. We have years of experience working with DoD contractors regarding cloud security, along with deep expertise in designing customized continuous monitoring programs.