DFARS 252.239-7010Cloud Computing Services
Overview
This clause establishes requirements for cloud computing services used in DoD contracts. Cloud service providers must meet FedRAMP authorization requirements and comply with the DoD Cloud Computing Security Requirements Guide (SRG). Data must be stored within the United States unless specifically authorized otherwise.
When Does This Apply?
Contracts that involve the use of cloud computing services to process, store, or transmit DoD data, including CUI and other sensitive information.
Key Requirements
- 1Obtain FedRAMP authorization at the required impact level
- 2Comply with DISA Cloud Computing Security Requirements Guide (SRG)
- 3Store data within the United States unless authorized otherwise
- 4Report cloud security incidents per DFARS 252.204-7012 requirements
Flowdown to Subcontractors
Yes — DFARS 252.239-7010 flows down to subcontractors. All subcontractors in the supply chain must comply with this clause when applicable.
Frequently Asked Questions
What is DFARS 252.239-7010?
DFARS 252.239-7010 (Cloud Computing Services) This clause establishes requirements for cloud computing services used in DoD contracts. Cloud service providers must meet FedRAMP authorization requirements and comply with the DoD Cloud Computing Se
Does DFARS 252.239-7010 flow down to subcontractors?
Yes, DFARS 252.239-7010 flows down to subcontractors. All applicable subcontractors must comply with this clause.
When does DFARS 252.239-7010 apply?
Contracts that involve the use of cloud computing services to process, store, or transmit DoD data, including CUI and other sensitive information.
Related Guides
Stay compliant with DFARS 252.239-7010
Cabrillo Club automates compliance tracking and alerts you when DFARS clauses are amended.
Join Free