{"id":1546,"date":"2021-05-19T08:59:26","date_gmt":"2021-05-19T15:59:26","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/microsoft-copilot\/blog\/copilot-studio\/announcing-that-power-virtual-agents-is-fedramp-hitrust-pci-and-ospar-compliant\/"},"modified":"2025-06-30T04:34:44","modified_gmt":"2025-06-30T11:34:44","slug":"announcing-that-power-virtual-agents-is-fedramp-hitrust-pci-and-ospar-compliant","status":"publish","type":"copilot","link":"https:\/\/www.microsoft.com\/en-us\/microsoft-copilot\/blog\/copilot-studio\/announcing-that-power-virtual-agents-is-fedramp-hitrust-pci-and-ospar-compliant\/","title":{"rendered":"Announcing that Power Virtual Agents is FedRAMP, HITRUST, PCI, and OSPAR compliant"},"content":{"rendered":"\n

Last year, we announced that Power Virtual Agents was covered under HIPAA and acquired SOC, ISO, & CSA certifications<\/a>. Today, we are excited to announce that Power Virtual Agents acquired the following four additional certifications:<\/p>\n\n\n\n

1. Federal Risk and Authorization Management Program (FedRAMP)<\/h2>\n\n\n\n

FedRAMP was established to provide a standardized approach for assessing, monitoring, and authorizing cloud computing products and services under the Federal Information Security Management Act (FISMA) and accelerating the adoption of secure cloud solutions by federal agencies.<\/p>\n\n\n\n

Microsoft’s government cloud services meet the demanding requirements of  FedRAMP.<\/p>\n\n\n\n

By deploying protected services including Azure Government, Office 365 U.S. Government, and Dynamics 365 Government, federal and defense agencies can leverage a rich array of compliant services.<\/p>\n\n\n\n

Power Virtual Agents availability in GCC plan is estimated to be generally available in June 2021.<\/p>\n\n\n\n

2. Health Information Trust Alliance (HITRUST)<\/h2>\n\n\n\n

HITRUST is an organization governed by representatives from the healthcare industry. HITRUST created and maintains the Common Security Framework (CSF), a certifiable framework to help healthcare organizations and their providers consistently demonstrate their security and compliance.<\/p>\n\n\n\n

The CSF builds on HIPAA and the HITECH Act, which are US healthcare laws that have established requirements for the use, disclosure, and safeguarding of individually identifiable health information and enforce non-compliance.<\/p>\n\n\n\n

HITRUST provides a benchmark \u2014 a standardized compliance framework, assessment, and certification process \u2014 against which cloud service providers and covered health entities can measure compliance.<\/p>\n\n\n\n

3. Payment Card Industry (PCI) Data Security Standard (DSS)<\/h2>\n\n\n\n

The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data.<\/p>\n\n\n\n

Organizations of all sizes must follow PCI DSS standards if they accept payment cards from the five major credit card brands:<\/p>\n\n\n\n