As the Azure engineering team continues to deliver a rapid pace of innovation for defense customers, we’re also continuing to support Department of Defense (DoD) customers and partners in delivering new capabilities to serve mission needs.
In many cases, accelerating mission workloads means forging a faster and more secure way for teams to build, ship, and authorize new applications. For the broad range of suppliers providing goods and services to the DoD, including the Defense Industrial Base (DIB), this also means navigating evolving compliance requirements.
Navigating the new Cybersecurity Maturity Model Certification (CMMC) from the DoD is one imminent challenge for customers and partners in the defense ecosystem. Our CMMC Acceleration Program is designed to help DIB customers both achieve a higher level of sustained cybersecurity and prepare for assessments. In addition, we’re delivering a host of new services at DoD Impact Level 5 and a range of partner programs to address the varied needs of our customers and partners from every angle.
Extensive IaaS and PaaS capabilities at DoD IL5
Mission owners choosing Azure Government can now access an even broader range of IaaS and Paas capabilities to drive initiatives forward using the 120 Azure Government services now accredited at DoD Impact Level 5 (IL5). Some notable services in this latest wave include Azure Sentinel, Windows Virtual Desktop (WVD), Azure Databricks, and Azure NetApp Files.
Today, many defense customers are using Azure Sentinel for a birds-eye view across the enterprise, with the ability to aggregate data from all sources, including users, applications, servers, and devices running on-premises or in any cloud, and reason over millions of records in a few seconds. To enable secure remote work, agencies are using Windows Virtual Desktop (WVD), empowering employees with more productive remote and work-from-home scenarios while maintaining a stringent security and compliance posture.
To advance a unified data strategy for the mission, Azure Databricks delivers big data analytics and AI with an optimized Apache Spark, combining analytics for all your data with capabilities for collaborative data science. Azure NetApp Files makes it easy for enterprise line-of-business (LOB) and storage teams to migrate and run complex, file-based applications with no code change, enabling lift and shift of both Linux and Windows apps to run seamlessly in Azure.
Along with this broad range of Azure Government services available at IL5, mission owners can choose from multiple regions across the country and benefit from decreased latency, expanded geo-redundancy, and a range of options for backup, recovery, and cost optimization. We recommend reading the isolation guidelines for IL5 workloads documentation page to understand configurations and settings for the isolation required to support IL5 data.
Navigating CMMC compliance for DoD suppliers
In December, the DoD announced a phased rollout of CMMC in fiscal years 2021-2025, piloting the implementation of CMMC requirements for Level 3 and below on select acquisitions. Because CMMC is designed to reflect an organization’s level of cybersecurity maturity, Microsoft recommends aiming for a high watermark to meet or exceed the requirements for contract awards.
To achieve CMMC Level 3 or above, we recommend Azure Government and/or Microsoft 365 Government (GCC High), as these environments are appropriate for initiatives with citizenship or ITAR requirements. CMMC Levels 1 and 2 can also be met with Azure commercial or Microsoft 365 Government (GCC).
If you’re a DIB customer navigating compliance, the Microsoft CMMC acceleration program can help you close compliance gaps and mitigate risks, evolve your cybersecurity towards a more agile and resilient posture, and help facilitate CMMC certification. Within this program, you’ll have access to a portfolio of learning resources, architectural references, and automated implementation tools custom-tailored to the certification journey.
New options with DFARS available in Azure commercial
Microsoft is furthering its commitment to DoD contractors and the DIB by announcing support for Defense Federal Acquisition Regulation Supplement (DFARS) requirements in Azure commercial cloud regions.
The introduction of DFARS 7012 in Azure Commercial offers you more choice in the selection of Microsoft cloud offerings that best suits your requirements for the protection of Controlled Unclassified Information. For example, those organizations that choose Microsoft 365 Government (GCC) deployed on top of Azure commercial cloud regions in the U.S. may now have paired Azure services that meet DFARS 7012 requirements. To learn more, please see this documentation.
Partnerships continue to drive innovation for mission
General Dynamics Information Technology (GDIT), a business unit of General Dynamics, recently signed a partner agreement with Microsoft, enabling GDIT to provide Department of Defense customers with migration to both Microsoft 365 and Azure Government, including the classified regions of Azure Government, under its Defense Enterprise Office Solution (DEOS) contract.
Over the past year, we’ve expanded the AOS-G (Agreement for Online Services for Government) program to welcome many new partners and serve the growing demands of the mission by enabling Systems Integrators (SIs) to provide value-added services with the Azure Government Secret environment. In addition, partners in the United States that serve US federal, state, and local government entities in their governmental capacities are eligible for the Cloud Solution Provider (CSP) program for Azure Government. Microsoft has a strict validation program to determine eligibility before partners can access Azure Government. To learn more, email us at firstname.lastname@example.org.
Your mission–our commitment
For more than 40 years, Microsoft has partnered with the Department of Defense, intelligence community, and national security agencies to address our nation’s most complex challenges. We continue to invest in rapidly delivering new Azure Government capabilities to support mission needs across all data classifications, and we have cloud experts at the ready to ensure your success.
The mission-critical cloud for U.S. Government agencies and their partners, Azure Government provide a continuum of compute across data classifications spanning mission cloud to intelligent edge, helping customers accelerate innovation with the widest range of commercial capabilities and the broadest compliance coverage of any government-only cloud.
Disclaimer: Customers are wholly responsible for ensuring their own compliance with all applicable laws and regulations. Information provided in this post does not constitute legal advice, and customers should consult their legal advisors for any questions regarding legal or regulatory compliance.