Microsoft Cloud Service Offerings for the DIB

By Kristen Morales • November 8, 2022

Microsoft offers a variety of clouds meeting the various needs of different organizations. These mission-critical clouds are also a good fit for the defense industrial base (DIB). How do you know which Microsoft cloud offering is right for your company? Let’s review.

 

Microsoft 365 Commercial versus Microsoft 365 Government

Microsoft 365 Enterprise: This version of Microsoft 365 is specifically for commercial organizations. For these entities, Microsoft offers Office 365, as well as Azure Commercial for enterprise mobility and security. The suite is rounded out with Dynamics 365.

Microsoft 365 Government: There are various Microsoft offerings suited to the needs of a variety of organizations doing business with the federal government. Let’s start with those companies with the least rigorous cybersecurity requirements.

  • Companies requiring DISA SRG Impact Level 2 (equivalent): Entities falling into this category can leverage Office 365 GCC and Dynamics 365 Government, both running on the government community cloud (GCC). The GCC is an enclave that has been built for the government to meet some of the compliance obligations.  This level also relies on Azure Commercial and all of the authentication and authorization happens with the Azure Active Directory that is in the Azure Commercial world worldwide data centers.
  • Companies requiring DISA SRG Impact Level 4 (equivalent): Organizations at this level can take advantage of Office 365 GCC High and Dynamics GCC High, which are both housed on the government cloud and built for the requirements of the defense industrial base.  This level also features Azure Government, which has logically and physically separate data centers from the commercial offering. Azure Government is a special cloud offering that requires validation for procurement. At IL4, it meets a lot of the cybersecurity regulations, especially in regard to CMMC and provides you with the highest level of resiliency and reliability.
  • DoD entities requiring DISA SRG Impact Level 5: This is the highest-level Microsoft provides coverage for. All components run on the government cloud, and it also leverages the separate Azure Government for enterprise mobility and security.

 

More on Azure US Government Clouds

Azure Government is a physically separated instance from Azure Commercial. It is the only hyper-scale cloud built specifically for the US government. Not only that, but it also meets the most complex compliance standards and supports the broadest selection of services, tools, and languages. Here’s how it stacks up compared to the commercial version in terms of authorization.

 

Authorization
Commercial FedRAMP High 

DoD CC SRG IL2 

DFARS 252.204-7012 

FCI & CUI Basic (PII) 

CMMC 2.0 Level 1 

GovernmentFedRAMP High

DoD CC SRG IL2, IL4 & IL5

DFARS 252.204-7012

FCI & CUI Specified (ITAR)

CMMC 2.0 Levels 1-3

 

If you are looking to ensure compliance to work with the DoD, consider Microsoft 365 Government GCC High. It can help you strengthen your security posture to better protect DoD data against sophisticated cyberattacks, reduce administration and spend on on-premises data centers and maintenance of old legacy systems, and shift much of the burden to the cloud for meeting compliance obligations and monitoring the changing landscape of US regulations and standards.

 

If you have any questions about how to get started with leveraging these Microsoft solutions, contact us.

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO