DCSA Releases New Guidelines for Cleared Contractors Using Commercial Cloud Services

The document outlines the Department of Defense's Defense Counterintelligence and Security Agency (DCSA) guidelines for cleared contractors regarding the use of Commercial Cloud Services (CCS) for classified contracts. It specifies the process for DCSA verification of Government Contracting Activity (GCA) authorization for contractors' use of CCS under the Defense Federal Acquisition Regulation Supplement (DFARS). Three methods for authorization are detailed: specification in DD Form 254, verification of DFARS clause 252.239.7010 inclusion, or obtaining contracting officer approval if CCS usage changes post-solicitation. Compliance with the Defense Information Systems Agency (DISA) Cloud Computing Security Requirements Guide is mandatory for contracts including DFARS Clause 252.239.7010.