Appendix C: Impact Level Comparison
This chart is from Department of Defense Cloud Computing Security Requirements Guide Version 1, Revision 4:
https://dl.dod.cyber.mil/wp-content/uploads/cloud/zip/U_Cloud_Computing_SRG_V1R4.zip.
| IMPACT LEVEL | INFORMATION SENSITIVITY | SECURITY CONTROLS | LOCATION | OFF-PREMISES CONNECTIVITY | SEPARATION | CSP PERSONNEL REQUIREMENTS & INVESTIGATION EQUIVALENCY |
|---|---|---|---|---|---|---|
| 2 | PUBLIC | FedRAMP Moderate Baseline (MBL) | US / US outlying areas or DoD on-premises | Internet | Virtual / Logical Public Community | Tier 1 (T1) |
| 4 | CUI (FOUO, PII, PHI) or Non-CUI | Level 2 + CUI-specific tailored set OR FedRAMP High Baseline (HBL) | US / US outlying areas or DoD on-premises | NIPRNet via CAP | Virtual / Logical Limited “Public” Community Strong virtual separation between tenant systems & information | US Persons ADP-1 (IT-1) Tier 5 (T5) ADP-2 (IT-2) Tier 3 (T3) Non-Disclosure Agreement (NDA) |
| 5 | CUI (FOUO, PII, PHI), U-NSI/NSS | Level 4 + NSS-specific tailored set | US / US outlying areas or DoD on-premises | NIPRNet via CAP | Virtual / Logical Federal Government Community Dedicated multi-tenant infrastructure physically separate from non-Federal systems Strong virtual separation between tenant systems & information | US Persons ADP-1 (IT-1) Tier 5 (T5) ADP-2 (IT-2) Tier 3 (T3) Non-Disclosure Agreement (NDA) |
| 6 | Classified SECRET NSS | Level 5 + Classified overlay | US / US outlying areas or DoD on-premises CLEARED / CLASSIFIED FACILITIES | SIPRNet DIRECT with DoD enclave connection approval | Virtual / Logical Federal Government Community Dedicated multi-tenant infrastructure physically separate from non-Federal and UNCLASSIFIED systems Strong virtual separation between tenant systems & information | US Citizens with favorably adjudicated T5 & SECRET clearance NDA |