The Defense Information Systems Agency (DISA) Cloud Computing Security Requirements Guide (CC SRG) outlines how the US Department of Defense (DoD) will assess the security posture of non-DoD cloud service providers (CSPs). Additionally, the CC SRG explains how non-DoD CSPs can show they meet the security controls and requirements before handling any DoD data.