An error occurred:

Cloud Computing Mission Owner Operating System SRG Version Comparison

Cloud Computing Mission Owner Operating System Security Requirements Guide

Comparison

There are 1 differences between versions v1 r1 (June 14, 2024) (the "left" version) and v1 r3 (Aug. 13, 2025) (the "right" version).

Check SRG-OS-000096-CLD-000060 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

The Mission Owner must configure the Infrastructure as a Service (IaaS)/Platform as a Service (PaaS) to prohibit or restrict the use of functions, ports, protocols, and/or services.

Check Content

For If this is an Impact Level 2 cloud service offering, this is not a finding. For dedicated infrastructure with a DOD Information Network (DODIN) connection connection, (Levels 4–6), review the architecture diagrams. Verify This includes all user and management plane traffic for Impact Levels 4, 5, and 6, as well as management plane traffic for Impact Level 2 if managed/monitored from within a DOD network. Verify that the virtual firewall access control lists that restrict traffic flow inbound and outbound to/from the cloud service to the DODIN connection comply with the boundary requirements. Verify that all traffic from the cloud service provider (CSP) enclave and other sources are blocked by these methods. If the cloud service offering is not configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and vulnerability assessments, this is a finding.

Discussion

To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), Mission Owners must disable or restrict unused or unnecessary physical and logical ports/protocols on information systems.

Fix

This applies to all Impact Levels. FedRAMP Level 4/5/6. FedRAMP Moderate, High. For dedicated infrastructure with a DODIN connection (Impact (Levels Levels 4–6), 2–6), configure the IaaS/PaaS virtual firewall that restricts traffic flow inbound and outbound to/from the cloud service to the DODIN connection and block all traffic from all other sources. To ensure protocols and services are not blocked by the above configuration, register them along with their related UDP/TCP IP ports used by the SaaS service that will traverse the Defense Information Systems Network (DISN) in the DOD PPSM registry. This includes all user and management plane traffic for Impact Levels 4, 5, and 6 6, as well as management plane traffic for Impact Level 2 if managed/monitored from within a DOD network.