Government Cloud Compliance

• Data we handle: Controlled Unclassified Information (CUI), export‑controlled technical data, Facility‑Related Control Systems (FRCS) drawings/configuration files, and Risk Management Framework (RMF) artifacts for DoD projects.
• Regulatory drivers: DFARS 252.204‑7012, NIST SP 800‑171, the DoD Cloud Computing SRG (DoD CC SRG), and UFC 4‑010‑06 guide us to U.S.‑sovereign cloud services accredited at FedRAMP High and, for DoD workloads, aligned to DoD CC SRG IL4/IL5. Our internal enclave uses Microsoft 365 Government (GCC High, FedRAMP High, U.S.‑sovereign) together with Azure Government services authorized at DoD CC SRG IL4. When a workload explicitly requires IL5, we execute within Government‑ or client‑furnished IL5 environments.
• Current status: CDS (Control Defense Systems) operates a dedicated GCC High tenant and an Azure Government subscription leveraging IL4‑authorized services to support FRCS design collaboration and early RMF steps/artifacts with DoD stakeholders. These environments are fully active and in daily use.
• Operating model: All CUI email, file storage, collaboration, RMF design artifacts, scanning outputs, and code/config repositories are processed exclusively within our Private Secure / GCC High / Azure Government enclave. Access is restricted to U.S. persons with appropriate background checks; MFA, logging, auditing, and Data Loss Prevention (DLP) are enforced.
• Scope limits: CDS does not host classified content. When a project requires SECRET or higher, work is performed within Government‑furnished classified environments (e.g., IL6/SIPR or on‑prem as directed).
• Outcome: Our enclave supports FRCS design and early RMF work for CUI at the IL4 baseline. For contracts mandating IL5, we perform within approved IL5 environments furnished by the Government or the client.