5 SECURITY REQUIREMENTS

5.1 DoD Policy Regarding Security Controls

5.2 Legal Considerations

5.3 Ongoing Assessment

5.4 CSP use of DoD Public Key Infrastructure (PKI)

5.5 Policy, Guidance, Operational Constraints

5.6 Physical Facilities and Personnel Requirements

5.7 Data Spill

5.8 Data Retrieval and Destruction for Off-boarding from a CSO

5.9 Reuse and Disposal of Storage Media and Hardware

5.10 Architecture

5.11 Encryption of Data-at-Rest in Commercial Cloud Storage

5.12 Backup

5.13 DoD Contractor / DoD Component Mission Partner Use of CSOs

5.14 Mission Owner DoD Test and Development in the Cloud

5.15 Ports, Protocols, Services, Management and Cloud Based Systems/Applications

5.16 Mobile Code

5.17 Registration and Connection Approval for Cloud Based Systems/Applications

5.18 Supply Chain Risk Management Assessment

5.19 Electronic Mail Protections IAW TASKORD 12-0920