When defense organizations are looking for a reliable source to store and share their controlled unclassified information (CUI), they often turn to a cloud service provider (CSP). The cloud is a better choice for contractors than on-premises storage because the cloud allows for unlimited storage, access to data from anywhere, data resiliency, and freedom from hardware management and maintenance.

The DoD views cloud computing data centers as extensions of the contractor’s internal IT systems, and as such, choosing a CSP cannot be taken lightly. Contractors must ensure their CSP handles CUI in accordance with regulatory requirements for FIPS Validation, FedRAMP Moderate Baseline or equivalent, DFARS (c)-(g), and ITAR, if required. If the CSP does not meet these requirements, it cannot be used as part of a contractor CMMC 2.0 or ITAR compliance Effort.


This blog was written to help contractors understand the compliance requirements that CSPs need to store, share, and…



Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.