DoD Issues Long-Awaited Interim Rule on Cyber Requirements and Cloud Services

Client Alert | 1 min read | 09.03.15

As discussed in our recent blog post, on August 26, DoD published an Interim Rule that would expand the already onerous requirements of the DFARS Safeguarding Clause by broadening its application to "covered defense information" and by requiring subcontractors to report cyber incidents directly to DoD. As discussed in a separate blog post, the Interim Rule also seeks to ensure uniformity in the DoD's IT acquisition and use of cloud computing services by adding T&C's, including that, unless otherwise authorized, cloud service providers must maintain all government data within the U.S., outlying areas, or DoD premises.

Contacts

Peter Eyre
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2807
cGV5cmVAY3Jvd2VsbC5jb20=
Olivia Lynch
Partner
- Washington, D.C.
  - D | +1.202.624.2654
b2x5bmNoQGNyb3dlbGwuY29t
Kate M. Growley
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 3 min read | 05.14.26

CISA’s “CI Fortify” Initiative Signals New Expectations for Critical Infrastructure Resilience: What Operators and Vendors Need to Know

On May 5, 2026, CISA announced CI Fortify — an initiative directing critical infrastructure owners and operators to prepare for geopolitical conflict in which OT networks are actively targeted while communications infrastructure is simultaneously degraded....

Client Alert | 4 min read | 05.14.26
No-Fly Zones for Drones: FAA Proposes New Rules Over Critical Infrastructure
Client Alert | 2 min read | 05.14.26
Proposed DFARS Rule Could Require Disclosures and Mitigation Related to Foreign Ownership, Control, and Influence (FOCI) on Certain Unclassified Contracts
Client Alert | 4 min read | 05.14.26
Supply Chain Disruption – Again

View All Insights