The Department of Defense Updates Security Requirements for Cloud Services

Client Alert | 1 min read | 02.01.22

The Department of Defense (DoD) recently published Version 1, Release 4 of its Cloud Computing Security Requirements Guide (SRG). The SRG outlines the administrative, technical, and physical security controls and requirements to be followed by contractors providing cloud services to the DoD pursuant to DFARS 252.239-7010, Cloud Computing Services.

The first update in almost five years, Release 4:

Reduces the differences between FedRAMP and DoD requirements for cloud services and provides additional guidance with regard to reciprocity between the two authorization regimes;
Updates the requirements for cloud services handling personally identifiable and protected health information;
Introduces the possibility of higher authorization levels for cloud services offering the DoD physical, rather than logical, separation from other tenants;
Clarifies guidance with regard to cloud access points through which a cloud service connects to the DoD’s network; and
Makes a number of additional changes to modernize requirements, clarify ambiguities, and reduce redundancy.

The SRG instructs contractors currently providing cloud services to the DoD to transition to the requirements in Release 4 as soon as practical but not later than one year after the SRG’s publication. Contractors interested in providing cloud services to the DoD should prepare for an assessment against the new requirements, as Release 4 became effective upon publication.

Contacts

Evan D. Wolff
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2615
ZXdvbGZmQGNyb3dlbGwuY29t
Maida Oringher Lerner
Senior Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2596
bWxlcm5lckBjcm93ZWxsLmNvbQ==
Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Garylene (Gage) Javier
Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.654.6743
Z2phdmllckBjcm93ZWxsLmNvbSA=

Insights

Client Alert | 5 min read | 06.11.25

Steel Tariffs Doubled: How the Hike Could Reshape Construction Projects at Home and Abroad

To date the Trump Administration has issued multiple proclamations imposing varying rates of import duties on steel and aluminum and certain derivatives, including construction materials. These measures have added volatility and financial pressures to the construction sector both in the United States and abroad. Most recently, on June 3, 2025, President Donald Trump issued a proclamation under Section 232 of the Trade Expansion Act of 1962, doubling tariffs on imported steel and aluminum from 25% to 50%, effective June 4, 2025. This action aims to counteract the continued influx of lower-priced, excess steel and aluminum imports that, according to the administration, threaten U.S. national security by undermining domestic production capacity. The proclamation notes that while prior tariffs provided some price support, they were insufficient to achieve the necessary capacity utilization rates for sustained industry health and defense readiness. The United Kingdom remains temporarily exempt at the 25% rate until July 9, per the U.S.-U.K. Economic Prosperity Deal....

Client Alert | 5 min read | 06.11.25
The FCPA Pause Is Over: Trump DOJ Issues Long-Awaited FCPA Investigations and Enforcement Guidelines
Client Alert | 4 min read | 06.10.25
Trump Administration Cyber Executive Order Revises Prior Administrations’ Requirements
Client Alert | 19 min read | 06.09.25
The Month in International Trade - May 2025

View All Insights