The U.S. Department of Defense (DoD) has unique information protection requirements that extend beyond the common set of requirements established by the Federal Risk and Authorization Management Program (FedRAMP) program. Using FedRAMP requirements as a foundation, the U.S. DoD specifically has defined additional cloud computing security and compliance requirements in their DoD Cloud Computing Security Requirements Guide (SRG). Cloud Service Providers (CSPs) supporting U.S. DoD customers are required to comply with these requirements.
The Salesforce Government Cloud has been granted Provisional Authorization (PA) for Impact Level 4 (IL4) from Defense Information Systems Agency (DISA) leveraging Salesforce's FedRAMP Moderate ATO and undergoing additional assessments by independent organizations. This provides DoD mission owners and authorized contractors the ability to utilize the Salesforce Government Cloud to manage Controlled Unclassified Information (CUI), including Personal Identifiable Information (PII) and Protected Health Information (PHI). This also includes data requiring protection from unauthorized disclosure and other mission-critical data.
Additional information can be found at https://www.salesforce.com/solutions/industries/government/compliance/ and https://help.salesforce.com/articleView?id=000270080&language=en_US&type=1