I am pleased to announce the release of the Azure Blueprint for the Department of Defense (DoD). Azure Blueprint recently released documentation to streamline the path for Azure Government customers working with the Federal Risk and Authorization Management Program (FedRAMP) Moderate Baseline to attain Authorizations to Operate (ATO).
Azure Blueprint has expanded to support our DoD customers working in Azure Government to document their customer security responsibilities. The Azure Blueprint Customer Responsibilities Matrix (CRM) and System Security Plan (SSP) template can now be used by DoD mission owners and third-party providers building systems on behalf of DoD customers.
The DoD migration to the cloud has been guided by the Department of Defense Cloud Computing Security Requirements Guide (SRG) Version 1 Release 2. All cloud systems must meet the security standards outlined in the SRG for use by DoD customers. The Cloud Computing SRG breaks down requirements into impact levels, covering specific data classifications that are adequately protected at each level.
As announced on June 23, 2016, Azure Government has been granted a provisional authorization (PA) at the DoD Impact Level 4 for processing of controlled unclassified information (CUI) and mission critical data. This includes export controlled data, protected health information, privacy information, and others (e.g. FOUO, SBU, etc.). Since that announcement, we have been working with DoD customers to help them understand the Azure Government security protections and work through their security responsibilities. Azure Blueprint now provides these DoD customers with a simplified way to understand the scope of their security responsibilities when architecting solutions in Azure.
We look forward to providing DoD L5 Azure Blueprints once we attain our Impact Level 5 PA for the Microsoft Azure Government DoD Regions and expanding our footprint as the most trusted cloud.
For any questions and to access to these documents, please e-mail AzureBlueprint@microsoft.com.
We welcome your comments and suggestions to help us continually improve your Azure Government experience. To stay up to date on all things Azure Government, be sure to subscribe to our RSS feed and to receive emails, click “Subscribe by Email!” on the Azure Government Blog. To experience the power of Azure Government for your organization, sign up for an Azure Government Trial.