The Department of Defense Updates Security Requirements for Cloud Services
Client Alert | 1 min read | 02.01.22
The Department of Defense (DoD) recently published Version 1, Release 4 of its Cloud Computing Security Requirements Guide (SRG). The SRG outlines the administrative, technical, and physical security controls and requirements to be followed by contractors providing cloud services to the DoD pursuant to DFARS 252.239-7010, Cloud Computing Services.
The first update in almost five years, Release 4:
- Reduces the differences between FedRAMP and DoD requirements for cloud services and provides additional guidance with regard to reciprocity between the two authorization regimes;
- Updates the requirements for cloud services handling personally identifiable and protected health information;
- Introduces the possibility of higher authorization levels for cloud services offering the DoD physical, rather than logical, separation from other tenants;
- Clarifies guidance with regard to cloud access points through which a cloud service connects to the DoD’s network; and
- Makes a number of additional changes to modernize requirements, clarify ambiguities, and reduce redundancy.
The SRG instructs contractors currently providing cloud services to the DoD to transition to the requirements in Release 4 as soon as practical but not later than one year after the SRG’s publication. Contractors interested in providing cloud services to the DoD should prepare for an assessment against the new requirements, as Release 4 became effective upon publication.
Insights
Client Alert | 3 min read | 09.04.25
Not Just the FAR, SAM.gov Gets Overhauled Too
The System for Award Management (SAM, available at sam.gov) is set to incorporate Revolutionary FAR Overhaul (RFO) changes as early as the first quarter of 2026. The RFO process, which began earlier this year, will trigger matching changes to representations and certifications in SAM.gov.
Client Alert | 2 min read | 09.03.25
Client Alert | 5 min read | 09.03.25
If You’re Not First, You’re Last: Federal Circuit’s First Review of an AIA Derivation Proceeding
Client Alert | 2 min read | 09.03.25