Regulatory Alert: Traps for the Unwary – DoD’s Cloud Computing Security Requirements (CC SRG)
It is important that all directly or indirectly involved in Federal contracting or securing ITAR Technical Data keep informed of the DOD’s cybersecurity requirements for not just their own IT networks but all their vendors providing online storage and collaboration services.
The Cloud Computing Security Requirements Guide (CC SRG) is included among many compliance standards for cloud services, such as various National Institute of Science and Technology (NIST) publication, those governing FedRAMP certification, and others. As RegDOX explains in a whitepaper it is releasing today, despite the fact that the CC SRG is a DoD publication, it would be a mistake to assume that the CC SRG affects only those directly involved in DoD contracting.
This whitepaper created by RegDOX begins with a brief review of the relevant provisions of the CC SRG and how its requirements could reach beyond just the limited, though large group of companies that are identifiable as DoD contractors.
While the CC SRG initially appears to restrict its scope “to DoD provided cloud services and those provided by a contractor on behalf of the Department”, no commercial cloud service provider or offeror of a cloud solution should conclude from this language that it does not need to adhere to the CC SRG. Click here to download the whitepaper and get more information on why this is the case.
RegDOX’s solution is NIST (SP) 800-171 and CC SRG Impact Level 4-compliant. RegDOX system is also unique in having been found to be ITAR-compliant in an advisory opinion by the DDTC – Directorate of Defense Trade Controls (U.S. State Department). Your customers can have the efficiency of best in class content management while ensuring compliance.
We would welcome the opportunity to support this process.
About RegDOX Solutions Inc.
Operating since 2007, RegDOX is a market-leading provider of highly intuitive SaaS solutions enabling customers to securely manage and collaborate on confidential documents and information, whether inside or outside of their IT environments. RegDOX® products and services include storage and data management.