As a certified Microsoft 365 reseller we understand Microsoft 365 Government Community Cloud (GCC) is the go-to software platform for data security and DFARS and CMMC compliance. But GCC is just one piece of the compliance puzzle. It’s best to know what you really need first in order to avoid overspending on software licenses.

What is GCC?

Microsoft GCC is a version of Microsoft 365 Commercial tailored specifically to the unique requirements of protecting Controlled Unclassified Information (CUI) and other sensitive data for DOD contractors. There are two levels of this industry-leading software platform: Microsoft GCC and GCC High.

GCC is the minimum required to meet DFARS, CMMC and other government cybersecurity mandates, which specify that all cloud-based data centers be located within the continental United States and operated by vetted U.S. citizens. GCC High meets additional DOD requirements for higher-level data security.

What do you actually need?

GCC High licenses are the most costly, and for some contractors, it’s overkill. Whatever the version, software is just a part of the solution. 110 controls are required for full DFARS and CMMC compliance. GCC and GCC High solve for just a fraction of those controls. You still have to write policies, monitor networks, respond to incidents and more.

This is a business problem, not just a technology problem. It’s best to have an expert look at your situation and environment first to determine, in detail, what you actually need. The right compliance solution fits your business and the way it operates in order to avoid overspending and under-complying.

How do you know when you’re talking to a software-first provider?

Many providers are in business primarily to sell software. If the first step in their process is for you to buy GCC licenses, usually GCC High, that’s the tell. They’ll talk about getting you to compliance, but many lack the depth and breadth of experience in that area.

Talk to the DFARS/CMMC compliance experts.

We are a one-stop resource whose sole focus is to get our clients to full compliance with a minimum of cost, time and pain. Software alone will not solve your problem. Compliance expertise and experience will. No provider has deeper expertise and experience in NIST/DFARS/CMMC compliance than CyberSheath.

Want to learn more? Dive deeper.

A man looking at a tablet in a room of computers

About CyberSheath

Cybersecurity pioneer, expert and one-stop provider

A woman in a lab coat working on a desktop computer


A brief overview of current DFARS requirements

Military personnel working on a desktop computer


About CyberSheath compliance risk assessment services

A person typing on a laptop


A brief summary of theimplementation process