Building and deploying modern systems in a highly regulated cloud environment is challenging. In this session, we will explore the DoD Cloud Computing Security Requirements Guide (SRG), key FedRAMP Security Controls, and key lessons learned. Regulators impose requirements that are meant to be applied in a traditional on-premise environment, which requires unique design decisions in cloud-native environments. In this session, we will explore the key lessons learned building a regulated cloud environment, automating deployments, securing networks, and configuring compliance services. Attendees will leave with an understanding of the key regulatory requirements, and the cloud-native security controls for meeting those requirements.