Security and Compliance Flashcards
Do I use CIS or STIG
The CC SRG, on page 74, calls this out. Mission owners must use all applicable DoD SRGs and STIGs to secure all mission owner systems and applications instantiated on CSP’s IaaS and PaaS at all levels.
For CSPs
Impact level 2: While the use of STIGs and SRGs by CSPs is preferable, industry standard baselines such as those provided by the Center for Internet Security (CIS) benchmarks are an acceptable alternative to the STIGs and SRGs.
Impact levels 4/5/6: STIGs are applicable if the CSP uses the product a STIG addresses. SRGs are applicable in lieu of STIGs if a product-specific STIG is not available. However, the SP 800-53 control applies whether or not a STIG or SRG is available. While the DoD level 4/5/6 value for CM-6 is to use DoD SRGs and STIGs as applicable, DISA will evaluate the CSP’s usage of commercial equivalencies (e.g., CIS benchmarks) on a case-by-case basis.