Trace Id is missing

How does Microsoft help me meet federal cyber requirements?

Zero Trust

The Executive Order on Improving the Nation’s Cybersecurity puts Zero Trust at the center of the nation’s cybersecurity strategy, requiring federal agencies to implement advanced security measures to significantly reduce the risk of successful cyberattacks on the government’s digital infrastructure.

The federal Zero Trust strategy outlined in Memorandum 22-09 aligns with the CISA Zero Trust Maturity Model's five pillars: identity, devices, networks, applications and workloads, and data, and emphasizes the importance of visibility and analytics, automation and orchestration, and governance to minimize uncertainty and keep access as granular as possible.

For the DOD and IC communities, the National Security Memorandum-08 and DOD Zero Trust Strategy further emphasizes the importance of Zero Trust architecture in securing the DOD's digital infrastructure against evolving cyber threats.

Microsoft resources

Here is how Microsoft can help you meet federal Zero Trust requirements.

Secure Cloud Adoption

For the federal government, the move to the cloud itself is a step to improve agency security postures. Underscored by the Section 3 of the Cyber EO, the ZT Memorandum 22-09, and the National cybersecurity Strategy, an increasing number of federal best practices and requirements have emerged to keep federal cloud solutions secure as agencies accelerate their adoption of cloud services.

Similarly, FedRAMP and NIST SP 800-53 set mandatory standards to validate cloud security. Microsoft's government cloud services meet the demanding requirements of FedRAMP, enabling federal agencies to benefit from the cost savings and rigorous security of the Microsoft Cloud.

Microsoft’s investment in DoD IL6 PA for Defense and Intel communities also aligns with the department’s OCONUS cloud strategy including building Azure/Office 365 Secret, and Azure Top Secret classified clouds to provide U.S. Government customers with secure cloud capabilities at all classification and Impact Levels.

As an awardee of the Joint Warfighting Cloud Capability (JWCC) contract, secure cloud technology is directly available to all of the DoD in one vehicle, enabling warfighters and those that support them to leverage the most advanced cloud capabilities to meet their mission objectives.

Microsoft resources

Here is how Microsoft can help you meet federal secure cloud requirements—from cloud adoption and migration to multi-cloud security.

Identity Modernization

With the expansion of a mobile federal workforce, agencies must redefine their security perimeter to access data anytime, anywhere. Government applications and data moving from on-premises to hybrid and cloud environments increases organizational endpoints and the risk of compromised credentials, devices, and applications.

As protection against these threats, Memorandum 22-09 requires that agencies consolidate their identity platforms to agency-managed identity systems. Similarly, the NIST SP 800-63 Digital Identity Guidelines provide technical requirements for federal agencies implementing digital identity services, including identity proofing and authentication of users interacting with government IT systems over open networks.

With the Microsoft Entra portfolio, enterprise-wide identity management system Azure Active Directory (Azure AD) provides multifactor authentication and authorization to meet identity-related requirements.

Microsoft resources

Here is how Microsoft can help you meet federal identity modernization requirements.

Security Operations & Modern Log Management

Security operations centers (SOCs) face rapidly evolving, constantly expanding data streams from across the organization that slow response times and delay threat hunting. To improve security operations, and accelerate the ability to detect, investigate, and remediate cyber threats, Memorandum 21-31 requires federal government agencies to rapidly move toward standardized and comprehensive log event management.

Microsoft provides federal agencies with a suite of security capabilities, including enhanced visibility in asset inventory, rapid threat triage and investigation, enhanced network visibility, cloud-native SIEM/SOAR, user and entity behavior analytics, and cyber threat intelligence capabilities. These solutions, and more, leverage Microsoft's ecosystem of signals collection capabilities to support federal security operations and to operationalize data more effectively.

Microsoft resources

Here is how Microsoft can help you meet federal security operations and modern log management requirements.

Secure Software Development

Rooted in trusted source code and secure software development, software supply chain security is essential to protecting agencies and their data. NIST’s definition of “critical software"and security measures for critical software build upon the Cyber EO’s call on agencies to prioritize risk management efforts, including implementing security measures for agency management of critical software. These security measures also align with the NIST Secure Software Development Framework (SSDF) and other recent CISA guidance that highlight the importance of using supported software and deploying patches.

Addressing software security is not new to Microsoft, having long invested in developing best practices for secure software developmentsource code testing, open source software distribution, and vulnerability disclosure and management programs. Microsoft knows that secure software development and DevSecOps automation are critical components of an agency’s security posture. Ensuring that security is baked in from the start, Microsoft’s SDL exceeds the requirements of SSDF and is monitored continuously.

Microsoft resources

Here is how Microsoft can help you meet federal secure software development requirements.

Back to tabs

National Cybersecurity Strategy

Learn more about our point of view

The administration’s continued focus on cybersecurity sets out to modernize the government’s IT infrastructure and enable the nation to more proactively address cyber threats. It also represents an opportunity for government and industry to come together in fortifying federal cybersecurity postures.
Quote from National Cybersecurity Strategy

Missions enabled by modern security

Delivering the confidence to innovate across a single sensor or an entire agency.

A stonework welcome sign for the Eastern Band of Cherokee Indians’ reservation in Cherokee, North Carolina. The sign is written using both the Cherokee syllabary as well as the English translation which reads ‘Cherokee Indian Reservation / Come Back Soon.

After a devastating cyberattack, the Eastern Band of Cherokee Indians became one of the world’s most technologically advanced nations

Learn more about how the Eastern Band of Cherokee Indians fortified their data security with Microsoft Azure in the wake of a devastating ransomware attack.
coworkers looking at computer screens

DISA rolls out new endpoint security tool in M365, moves closer to unified endpoint vision

Providing DISA with an integrated platform to manage endpoint security, detect and respond to threats, and automate security operations for their workforce.
Back to tabs

Your federal cybersecurity partners

Together with our extensive network of federal partners, Microsoft provides the U.S. Federal Government with the most comprehensive security program in the world; with focused, unified customer engagement experience; and with a continually expanding cloud-based IT technology and solutions offerings that match the pace of Federal customer needs.

For services partners, learn more about our cyber workshops:

Federal services partners

  • people working on computer

    Planet Technologies

    Planet’s Enterprise Cloud Readiness program uniquely blends needs assessment, workforce education, and tool selection combined with focusing on operationalizing cybersecurity.

  • People sitting in front of rows of computers and digital maps

    Maureen Data Systems (MDS)

    MDS digitally transforms classified or unclassified environments leveraging cloud infrastructure, security, compliance, governance, data analytics, and managed services.

  • Two people looking at a tablet together

    Insight

    Insight helps federal services organizations navigate security and compliance complexity associated with dispersed workforces, platforms, edge, and IoT to mitigate risk and improve security posture.

Partner integrations

  • hands typing on a Microsoft table next to a YubiKey

    Yubico

    Yubico and Microsoft recently released certificate based authentication (CBA) for Microsoft Azure Active Directory on Windows, iOS, and Android devices through a hardware security key known as Yubikey to fight against phishing attacks.

  • Green faded view of binoculars with a lock graphic in the lens

    Conquest Cyber

    Conquest Cyber launched the ARMED™ Platform built on Microsoft Sentinel to help agencies configure and manage solutions to address cyber risk with real-time visibility of their posture, guided by compliance, maturity, and effectiveness.

Skilling for the federal cyber community

More than one out of every 20 open jobs in America today is a job that requires cybersecurity skills.

Microsoft is expanding partnerships with community colleges and non-profits for cybersecurity training to help the workforce keep pace with in-demand skills. We are also dedicated to providing agencies actionable insights and tools to accelerate modernization and help cyber professionals stay ahead of sophisticated adversaries.

Additional Resources

  • Cover page of the Microsoft Cybersecurity Interactive guide

    Cybersecurity EO for Modern Government

    Microsoft Federal’s interactive guide on the Cyber EO helps agencies better understand near- and long-term milestones; build a strategic response aligned to security modernization priorities and EO requirements; and determine how technology partners can help accelerate the journey.

  • A man sitting on the stairs and reading newpaper

    Microsoft’s public policy for national cybersecurit

    The Cybersecurity EO accelerates IT modernization, security, and incident response. Microsoft is committed to supporting this initiative and fostering cybersecurity improvements that impact our nation.

  • Male and female coworkers looking at laptop in mission control room

    Securing the work of those who serve

    Expanding security threats puts agencies and their most critical data at risk. With Microsoft Entra, deliver on policy objectives without the fear and impediment of compromised identities.

  • woman looking at a tablet in a control room.]

    Secure from the start

    Grow with confidence knowing that security is built into everything we develop and deliver.

  • African-American businessman sitting on stone steps outside in the daylight reading the newspaper with a coffee next to him.

    Embrace proactive security with Zero Trust

    The Cybersecurity EO accelerates IT modernization, security, and incident response. Microsoft is committed to supporting this initiative and fostering cybersecurity improvements that impact our nation.

In the news

  • security team working at computer monitors with the words “protect,” “detect” and “respond” on the wall

    The Cybersecurity Executive Order: What's Next for Federal Agencies?

  • female military personnel member working at a computer monitor

    Mapping the Cybersecurity Executive Order Milestones

  • nightscape of DC overlaid with a web of network connections

    GovExec: Answering the nation's call on cybersecurity together

  • team of professionals working on computers in an office

    FNN: Why agencies need private sector partners to help them navigate the cybersecurity EO

  • illustration of 4 blue stacks being protected from incoming beams by a shield

    Axios: How public-private partnerships can strengthen U.S. cybersecurity

  • DC Mall from the Lincoln Memorial to the Washington Memorial and Capitol Dome at night

    Microsoft expands on cybersecurity commitments for U.S. government agencies

Follow us