Microsoft Azure close to several key government certifications
Matt Rathbun, a cloud security director at Microsoft, said in a blog post that the company was part of a pilot creating the Federal Risk and Authorization Management Program (FedRAMP) High Impact Baseline — a set of requirements from the federal government that will set out what companies need to do in order to handle the government's high security data and workloads in the cloud. Microsoft has requested a Provisional Authority to Operate certification for FedRAMP High, which the company expects to receive within the next month.
"Selecting Microsoft Azure Government to participate in FedRAMP’s High Impact baseline pilot and its forthcoming Provisional Authority to Operate (P-ATO) from the FedRAMP JAB are testaments to Microsoft’s ability to meet the government’s rigorous security requirements,” said Matt Goodrich, the director for FedRAMP’s Program Management Office.
Being certified for FedRAMP High would show government agencies that Azure is capable of handling high security data that if leaked could have a severe adverse effect on operations, individuals or assets. Up until now, FedRAMP hasn’t offered that classification.
Microsoft is also working towards a certification for handling controlled unclassified information under the Defense Information Systems Agency Impact Level 4 framework. That means agencies will be able to store such data that requires protection against unauthorized disclosure, like sensitive law enforcement information, medical information and data subject to export control.
In addition, the U.S. Department of Defense will be able to use two new Azure regions that are designed to comply with the DISA Impact Level 5 certification, and run DoD workloads on different hardware than made available to non-DoD tenants. Called US DoD East and US DoD West, the regions are expected to come online later this year.
Azure Government is also getting a flotilla of new services, including Web Apps, Key Vault and new high-performance virtual machine types.
On top of the U.S.-focused news, Microsoft also announced the beginning of closed beta testing of services running in its Canada and Germany regions. Those regions are built to meet customers’ data sovereignty requirements for storing data in their home countries, with Azure Deutschland even offering a German data trustee to add an additional level of assurance.