We’ve just released our newest Azure Blueprints for the important US Federal Risk and Authorization Management Program (FedRAMP) certification at the moderate level. FedRAMP is a key certification because cloud providers seeking to sell services to US federal government agencies must first demonstrate FedRAMP compliance. Azure and Azure Government are both approved for FedRAMP at the high impact level, and we’re planning that a future Azure Blueprints will provide control mappings for high impact.
Azure Blueprints is a free service that helps enable customers to define a repeatable set of Azure resources that implement and adhere to standards, patterns, and requirements. Azure Blueprints allow customers to set up compliant environments matched to common internal scenarios and external standards like ISO 27001, Payment Card Industry data security standard (PCI DSS), and Center for Internet Security (CIS) Benchmarks.
Compliance with standards such as FedRAMP is increasingly important for all types of organizations, making control mappings to compliance standards a natural application for Azure Blueprints. Azure customers, particularly those in regulated industries, have expressed a strong interest in compliance blueprints to help ease the burden of their compliance obligations.
FedRAMP was established to provide a standardized approach for assessing, monitoring, and authorizing cloud
Today Microsoft published an independent security assessment of 113 Microsoft Azure services for their suitability to handle official and PROTECTED Australian government information. This assessment, carried out under the Information Security Registered Assessor Program (IRAP), is now available for customers and partners to review and use as they plan for increasing the use of cloud in government.
This milestone significantly expands the ability of the Australian government to leverage Microsoft Azure to drive digital transformation. The expanded scope of this IRAP assessment includes cognitive services, machine learning, IoT, advanced cybersecurity, open source database management, and serverless and application development technologies. This enables the full range of innovation within Azure Australia to be utilized for government applications, further reinforcing our commitment to achieving the broadest range of accreditations and assurances to meet the needs of government customers.
This assurance is critical for customers such as the Victorian Government, using ICT shared services provider Cenitex in partnership with Canberra-based OOBE to deploy VicCloud Protect, a ground-breaking and highly secure service that enables its government customers to safely manage applications and data rated up to PROTECTED level.
“VicCloud Protect is a first for the Victorian Government and our customers can now confidently
This post was co-authored by Rohit Kumar Cherukuri, Vice President – Marketing, Cloud4C
Australian government organizations are looking for cloud managed services providers capable of providing deployment of a platform as a service (PaaS) environment suitable for the processing, storage, and transmission of AU-PROTECTED government data that is compliant with the objectives of the Australian Government Information Security Manual (ISM) produced by the Australian Signals Directorate (ASD).
One of Australia’s largest federal agencies that is responsible for improving and maintaining finances of the state was looking to implement the Information Security Registered Assessors Program (IRAP) which is critical to safeguard sensitive information and ensure security controls around transmission, storage, and retrieval.
The Information Security Registered Assessors Program is an Australian Signals Directorate initiative to provide high-quality information and communications technology (ICT) security assessment services to the government.
The Australian Signals Directorate endorses suitably-qualified information and communications technology professionals to provide relevant security services that aim to secure broader industry and Australian government information and associated systems.
Cloud4C took up this challenge to enable this federal client on the cloud delivery platforms. Cloud4C analyzed and assessed the stringent compliance requirements within the Information Security Registered Assessors Program guidelines.
Following internal baselining,
Governments around the world are in the process of a digital transformation, actively investigating solutions and selecting architectures that will help them transition many of their workloads to the cloud. There are many drivers behind the digital transformation, including the need to engage citizens, empower employees, transform government services, and optimize government operations. Governments across the world are also looking to improve their cybersecurity posture to secure their assets and counter the evolving threat landscape.
To help governments worldwide get answers to common cloud security related questions, Microsoft published a white paper, titled Azure for Secure Worldwide Public Sector Cloud Adoption. This paper addresses common security and isolation concerns pertinent to worldwide public sector customers. It also explores technologies available in Azure to help safeguard unclassified, confidential, and sensitive workloads in the public multi-tenant cloud in combination with Azure Stack and Azure Data Box Edge deployed on-premises and at the edge for fully disconnected scenarios involving highly sensitive data. The paper addresses common customer concerns, including:
Data residency and data sovereignty Government access to customer data, including CLOUD Act related questions Data encryption, including customer control of encryption keys Access to customer data by Microsoft personnel Threat detection and prevention
Today we’re announcing a significant milestone in serving our mission customers from cloud to edge with the initial availability of two new Azure Government Secret regions, now in private preview and pending accreditation. Azure Government Secret delivers comprehensive and mission enabling cloud services to US Federal Civilian, Department of Defense (DoD), Intelligence Community (IC), and US government partners working within Secret enclaves.
In addition, we’ve expanded the scope of all Azure Government regions to enable DoD Impact Level 5 (IL5) data, providing a cost-effective option for L5 workloads with a broad range of available services. With our focus on innovating to meet the needs of our mission-critical customers, we continue to provide more PaaS features and services to the DoD at IL5 than any other cloud provider.
For more than 40 years we have prioritized bringing commercial innovation to the DoD. We also continue to help our customers across the full spectrum of government, including every state, federal cabinet agency, and military branch, modernize their IT to better enable their missions.
Microsoft is helping customers across the full spectrum of government, including departments in every state, all the federal cabinet agencies, and
Furthering our commitment to be the most trusted cloud for Government, today Microsoft is proud to announce two milestone achievements in support of the US Department of Defense.
Information Impact Level 5 DoD Provisional Authorization by the Defense Information Systems Agency
Azure Government is the first commercial cloud service to be awarded an Information Impact Level 5 DoD Provisional Authorization by the Defense Information Systems Agency. This provisional authorization allows all US Department of Defense (DoD) customers to leverage Azure Government for the most sensitive controlled unclassified information (CUI), including CUI of National Security Systems.
DoD Authorizing Officials can use this Provisional Authorization as a baseline for input into their authorization decisions on behalf of mission owner systems using the Azure Government cloud DOD Region.
This achievement is the result of the collective efforts of Microsoft, DISA and its mission partners to work through requirements pertaining to the adoption of cloud computing for infrastructure, platform and productivity across the DoD enterprise.
General Availability of DoD Regions
Information Impact Level 5 requires processing in dedicated infrastructure that ensures physical separation of DoD customers from non-DoD customers. Over the past few months, we ran a preview program with more than 50 customers
Today, Microsoft is announcing new intelligent cloud and intelligent edge capabilities for U.S. government customers. These new capabilities will help government customers uniquely address “the tactical edge”—or, a dependence on information systems and connectivity in harsh scenarios or other situations where users have critical data availability, integrity, and transparency needs.
As U.S. government agencies support missions around the world, in remote locations, and beyond the reach of standard infrastructure, new technology is required for mission success. Microsoft offers a comprehensive portfolio designed to bring data analysis and insight to the tactical edge. Azure Stack and our Data Box family of products help government agencies with remote operations access the information they need to make decisions at the edge, along with access to the full range of cloud data analytics as connectivity allows.
Just last year we announced the integration of Azure Stack with Azure Government cloud, which unlocks a wide range of hybrid cloud use cases for government customers. By connecting the tactical edge to Azure Government, the mission-critical cloud for U.S. government customers and their partners, federal, state, and local government agencies can now operate with full regulatory compliance and the most up-to-date edge capabilities.
To that end, today,
Join us as we discuss the leading edge of emerging technology in government at the next Microsoft Azure Government DC meetup, Adopting Emerging Tech in Government, on Wednesday, November 28, 2018 from 6:00 to 8:30 PM Eastern Time at 1776 in Washington, DC. If you’re not in the DC-metro area, we invite you to join us via livestream starting at 6:35 PM Eastern Time at aka.ms/azuregovmeetuplive.
You’ll hear how agencies are approaching strategy, challenges, use cases, and workforce readiness as they leverage emerging tech to innovate for their mission including blockchain, artificial intelligence, machine learning, and augmented reality.
RSVP and join us to gain insight from innovators across government agencies who are exploring ways to apply emerging tech to empower their workforce and deliver innovative services to the public.
Featured speakers include:
COL David Robinson, Military Deputy (Acting), Defense Innovation Unit Experimental Ju-Lie McReynolds, Program Manager, US Digital Service, Health & Human Services Meagan Metzger, CEO, Dcode Sujit Mohanty, DoD CTO, Microsoft Federal Jeff Butte, Senior Program Manager, Microsoft Azure Global Government Karina Homme, Senior Director, Microsoft Azure Government About the Microsoft Azure Government user community
The Azure Government DC user community was created as a place to bring
Over the past week, I visited customers and partners in Europe who want to bring cloud services to datacenters and edge locations to deliver new hybrid cloud solutions. Whether it’s due to latency, regulatory compliance or legacy data and systems, these customers can’t use the public cloud for several scenarios. They look for a true hybrid cloud solution to deliver a consistent experience across their entire digital estate. It was really great to listen and observe how some of these companies are already using Azure Stack and thinking of innovative ways to drive digital transformation using Microsoft’s intelligent cloud and intelligent edge approach.
It’s humbling to see customers across government, manufacturing, financial services, and healthcare industries in nearly 60 countries around the world use Azure Stack to unlock new scenarios that were not possible before. And this is just the beginning. We are committed to meeting customer needs and continuously delivering new updates and innovation on Azure Stack.
Consistent hybrid cloud
We have designed and engineered Azure Stack to be truly consistent with Azure. Azure Stack brings the agility and innovation of cloud computing to on-premises and edge, so organizations can build modern apps across their full environment with the
This blog post is a part of our security series for National Cybersecurity Awareness Month where we discuss how federal CIOs can best prepare for a cloud environment that works securely with your on-premises datacenters.
The need for federal agencies to get their hybrid cloud roadmaps in place has reached a tipping point over the past year, especially as pressures mount to modernize the government’s vast portfolio of aging legacy IT systems and make smarter use of available IT funding.
Agency IT leaders however, face a deeper challenge. Deciding which applications to move to the cloud and which should be rebuilt or replaced to function securely in a hybrid environment. They must do so while planning for a rapidly-changing cybersecurity landscape.
That’s why rationalizing and rightsizing your applications deserves careful attention. This is also why aligning with the right partners who can support your applications, whether in the cloud or on-premises, can be the difference between successful IT modernization versus just lifting-and-shifting to the cloud.
That’s one reason a growing number of agencies are choosing the flexibility and built-in security features of cloud platforms such as Microsoft Azure Government. Azure Government gives leaders a flexible way to test out their