Updated Sep 23, 2024
Version 6.0RichardWakeman
Microsoft
Joined January 31, 2019
Public Sector Blog
Follow this blog board to get notified when there's new activity
How does this impact organizations that would like to store CUI on systems that use Azure Commercial for authentication? For example, downloading CUI directly from a DoD source to an Azure AD-joined workstation while logged into their Azure AD account. If the CUI is never stored in Microsoft 365 services like OneDrive or SharePoint and stays local to the workstation, would Azure Commercial's adherence to DFARS be sufficient for handling CUI? Would it be sufficient for ITAR/EAR?
This is an amazing write up, thanks so much for sharing! I'm sure I'll be sending this link to many people in the future when they want to understand what GCCH means
Excellent! Thanks so much Richard for pointing me to this article. I've got it book-marked for reference. A lot to digest, even for Architects like myself that need to dig deeper on some of this.
Great read!!.. Thank you for sharing.
This was a helpful blog. But, I have a question/challenge:
"It does not guarantee fulfillment of US Persons nor US Citizenship requirements, nor does it confer data residency in the Continental United States (CONUS)."
I am not aware of an ITAR requirement now for data sovereignty. 22 CFR ยง120.54 says it is not an export of ITAR technical data if it is encrypted end to end between US Persons and/or stored using FIPS 140-2 approved cloud storage.
I understand that you have focused the GCC High offerings to meet DFARS 7012 and ITAR requirements but there are many small companies that make this a difficult hurdle for them to overcome.