DoD Impact Levels


How to Prevent Data Breaches with Cloud Security Solutions

Cloud security has become increasingly important across the federal government in response to the rising number of cyberattacks such as ransomware, viruses and phishing scams. While cybercrimes continue to escalate, The Defense Information Systems Agency (DISA) recognizes the many benefits of cloud technology solutions and issued the Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG). Cloud service providers (CSP) must comply with the most current DoD security requirements by ensuring that their cloud service offerings (CSO) preserve the confidentiality, integrity and availability of sensitive data.


Carahsoft partners with a wide variety of authorized CSPs to deliver exceptional solutions that ensure network security, information protection and dataflow continuity for government defense agencies. Discover how to meet DoD cybersecurity requirements with cloud deployment and information management services that comply with the DoD CC SRG.


Why is DoD Compliance Important?


The DoD cybersecurity requirements provide guidance and best practices for CSPs to mitigate risk exposure by implementing access controls that safeguard assets from unauthorized users. This process strengthens our Nation’s IT security posture by ensuring that the government procures certified cloud solutions, which have achieved Authority to Operate (ATO), so your agency can rest assured, knowing its most sensitive data is safe from threats. Are you interested in learning more about how to acquire commercial cloud services listed on the DoD Cloud Service Catalog?


DoD Impact Level Image

DoD Impact Levels (IL) Explained


DoD Impact levels measure the degree of data sensitivity and how compromising the confidentiality, integrity, or availability of mission-critical information would affect national security. DoD Impact Levels are classified as:

  • DoD IL2: Non-critical DoD mission information or information that is marked for public consumption.
  • DoD IL4: Controlled unclassified information (CUI) or non-CUI that is for official use only (FOUO). IL3 is no longer a classification used by the DoD and has been consolidated into IL4.
  • DoD IL5: CUI with heightened sensitivity and national security systems (NSS) information FOUO.
  • DoD IL6:NSS information that is classified SECRET for the DoD.


Find a cloud solution for the DoD Impact Level that suits your mission needs.


  • All DoD Impact Levels Vendors
  • DoD IL2
  • DoD IL4
  • DoD IL5
  • DoD IL6

All DoD Impact Levels Vendors

FedRAMP Reciprocity with DoD Cybersecurity Requirements


Reciprocity between FedRAMP and the DoD Impact Levels allows the DoD to utilize a CSO that has been FedRAMP authorized. The DoD IL2 and FedRAMP Moderate are considered equivalent baselines for the cloud cybersecurity requirements given to CSPs.

DISA has enabled non-critical mission information and public data under DoD IL2 to be hosted on CSOs with FedRAMP Moderate authorization. The contingencies for reciprocity are that the CSO must be FedRAMP authorized, datacenters must be located in the U.S. or its territories and the CSO must maintain their authorization status throughout continuous monitoring.

DoD Impact Level Image