Office 365 Government GCC is now FedRAMP High
Published Oct 29 2020 10:00 AM
Microsoft

In response to the unique and evolving requirements of the United States government and regulated industries, we’ve built Office 365 Government offerings for customers handling controlled unclassified information (CUI) on behalf of the US Government. Office 365 Government (GCC and GCC High) are designed to support US government entities and those working with the US government to meet specific compliance and cybersecurity requirements. We’re excited to announce that our Office 365 Government GCC environment now has a FedRAMP High SAR (security assessment report). More on the history of the Office 365 Government cloud offerings can be found here.

 

Government regulations are not static. As the world of data security and compliance evolves, so too does our need to support governments and regulated industries with solutions to protect and manage their data. As part of our journey to support US government and regulated industries, we will continue to evolve our Office 365 Government cloud offerings with new compliance value to help customers achieve their compliance commitments. All regulated businesses have varying needs when it comes to storing, processing, and transmitting CUI. As part of our commitment to data security and compliance, we will continue to bring innovative products such as Teams, Office Apps, Security, and Compliance to our government clouds with the strict controls required to ensure all products meet FedRAMP High control requirements. We will continue to bring more compliance value to GCC, including DFARS support and CMMC accreditation, in the near future. Government contractors and all regulated businesses that require US government compliance for CUI will continue to have access to comprehensive, secure, and compliant SaaS offerings, giving them a holistic tool set to create a compliant environment.

 

 

We’re excited for the evolution of the GCC environment, and we see this offering being an integral part of a defense contractor's journey to meet their CMMC obligations while still being able to address government and internal guidance commitments to CUI. This ongoing journey is going to help government customers and their industry partners select the right environment for them based on their CUI and compliance needs.

4 Comments
Brass Contributor

@Shawn_Veney  

 

This is great news!  Will this also change Microsoft's contractual agreements for supporting ITAR in GCC?

Microsoft

Important question. No; to be clear we continue to not provide contractual support for ITAR in GCC because it was not designed to be an ITAR compliant service. It is important to note that any 2 services at the same impact level typically represent parity of control scope but not necessarily parity of control value (ODVs). Any customer assuming this achievement results in complete parity between GCC & GCCH should scan the SSP for both services paying close attention to areas where differentiation is most impactful i.e. IR & PS families. To be fair and transparent; given the ITAR change regarding E2E some customers express increased acceptance of using GCC for this purpose but that's orthogonal. Ultimately the customer accepts the risk of any decision to use GCC for this purpose i.e. risks incurred through failure to effectively apply E2E; as well as any impacts in the loss of capabilities due to the service's inability to process encrypted data.

Copper Contributor

Hello, 

Our Company currently uses Microsoft Teams as the internal/external video conferencing. As the Aerospace and Defense group deals with ITAR and Export compliance,... data, we are not allowed to use Microsoft Teams. We use a Webex FedRamp version. What is the current offering of Microsoft for this? I am trying to bring a single solution.

 

Microsoft
Last update: Oct 30 2020 12:11 PM