"will require the vendor to be cleared for access to secret and top secret Defense Department data, including nuclear weapon design information"
Who will be cleared? Will they require full security clearance for every single employee that has or might have access to the system? That's going to be fun to implement, and even more fun to audit.
How many disks will the information be spread over? Cloud companies move data around all the time transparently. Can they confirm secure destruction of all those disks at end of life? (Milspec secure not commercial secure).
And what happened to Need to Know? Just how many cloud company techies will have possible access to this data although they have no legitimate need for it?
Hve they planned for what to do when (not if) someone finds an exploitable flaw and posts 'Building your own nuke for Dummies' to the web?