When the Administration issued the Cloud First policy several years ago, most wondered if the cloud would be able to meet the traditional on premise Federal government security mandates.   Shortly after the policy was announced, the Federal Risk and Authorization Management Program (FedRAMP) process, which provides a standardized U.S. government approach to security assessment, authorization, and continuous monitoring for cloud products and services, was launched.  This process allows federal agencies to migrate low and moderate impact workloads if the cloud provider meets the FedRAMP moderate requirements.

FedRAMP government anouncement Microsoft Azure

Today, security concerns continue to be front and center and with announcement of the new Cyber Security Implementation Plan and thee most recent Cyber National Action Plan announced by the President and U.S. Government CIO Tony Scott, the US Government is tackling security head-on.

Since FedRAMP was established, Microsoft has been working closely with the FedRAMP program management office  to ensure our Federal cloud solutions meet or exceed public sector security, privacy and compliance standards, such as FedRAMP, DoD, HIPAA, CJIS and IRS 1075. In fact, Microsoft’s government cloud services have been designed from the ground up to help government agencies integrate disparate on-premises, cloud and data systems and enable seamless communication and collaboration to operate in this new cloud-first world.

Today is no exception as we announce several Azure Government compliance milestones specific to the Federal government and the Department of Defense.  These include:

  • FedRAMP High: The FedRAMP High authorization allows a cloud provider to host sensitive data at the High Impact Level. Azure Government is excited to be one of the first service providers participating in a FedRAMP High pilot. We have submitted our paperwork and are on track to receive a Provisional Authorization to Operate (PAO) from the federal Joint Advisory Board (JAB) by the end of the month.
  • DISA Level 4 and Level 5: Building on the FedRAMP authorization, Azure Government is on track to achieve the DISA Level 4 authorization shortly, covering unclassified data that requires protection against unauthorized disclosure or other mission-critical data.

Microsoft is also hard at work on Impact Level 5. Impact Level 5 data includes CUI and unclassified National Security Systems data. It can only be processed in a dedicated infrastructure that ensures physical separation of DoD customers from non-DoD tenants.

  • Establishment of a DoD-only cloud: To further extend our commitment to providing the highest security for government data, Azure Government is adding two new regions for US Department of Defense data, designed to meet DISA Impact Level 4 and Level 5.   These new physically isolated Azure Government datacenter regions for the Department of Defense will provide specific assurances and commitments to meet the requirements defined in the DoD Cloud Computing Security Requirements Guide (SRG) that require the highest level of security for data permitted to be stored in the cloud.  Availability of these new regions is planned for later this year.

To learn more about the news and how Federal customers will benefit, check out the Azure team .