Got a FedRAMP Equivalency Body of Evidence?

UPDATED April 2025

Microsoft Office 365 GCCH has now been authorized by FedRAMP, as of 12/26/2024: Microsoft Office 365 GCC High | FedRAMP Marketplace.

With the publishing of the U.S. Department of Defense memorandum for ‘FedRAMP Moderate Equivalency for Cloud Service Provider’s Cloud Service Offerings’, assessors will be asking defense contractors to provide the body of evidence (BoE) of any cloud service providers not authorized in the FedRAMP Marketplace.   

For access to the Microsoft Office 365 GCC High and/or Azure Government BoEs, as per the memo, please contact: 

• Office 365 GCC High: O365FedRAMP@microsoft.com 
• Azure Government: AzFedDoc@microsoft.com 

Once approved, you will be given access to a SharePoint site with all documents required per the memo. The BoE is considered highly sensitive and confidential information. While Microsoft is transparent and will allow for customers to access the BoE under a Non-Disclosure Agreement (NDA), you must be a customer and make the request to the above email addresses.  

For more details on Microsoft’s GCCH environment and FedRAMP compliance, check out Richard Wakeman’s detailed blog at https://aka.ms/FedRAMPGCCH.

About the author 

Carley Salmon is a Senior Data Security Technical Specialist for Microsoft Federal Defense.  Prior to coming to Microsoft, she spent 4 years with the DCMA DIBCAC as an Assessment Lead and Team Chief and was part of the team that developed the assessment processes.