cloud security

Microsoft gears up for FedRAMP high

Microsoft is on track to provide more secure cloud services to government agencies when it becomes authorized by the Federal Risk and Authorization Management Program to process high-impact level data.

Azure Government was chosen to participate in FedRAMP’s pilot program to build the High Impact Baseline standard. With successful completion of the pilot, Microsoft expects High Impact Provisional Authority to Operate for its Azure Government environment by the end of the month, according to the company’s Azure blog.

Previously, government was able to migrate and securely process only low- and moderate-impact workloads to FedRAMP-certified cloud services. With "FedRAMP high,"  data sensitive enough to threaten organizational operations or assets if leaked, could be stored on Azure and other services that secure the new authorization.  

Microsoft also said it has finalized the Security Assessment Report to meet the requirements of Defense Information Systems Agency Impact Level 4 so the Department of Defense -- and eventually other federal government customers -- can process and deploy controlled unclassified information (CUI) in an Azure cloud. This includes mission-critical data and data requiring protection against unauthorized disclosure.

Additionally, Microsoft will launch two new physically isolated regions within its Azure Government cloud for DOD data later this year.  DOD East and DOD West will be dedicated to workloads and data at DISA Impact Level 5, to CUI needing higher level of protection and to unclassified National Security Systems data.  The new regions will comply with the DOD’s Cloud Computing Security Requirements Guide, which demands that cloud data be processed in a dedicated infrastructure that ensures physical separation of DOD customers from non-DOD tenants.

These two new regions for DOD data will be the first of their kind, the company said, and follow the Defense Department’s announcement that it would standardize all of its systems on Windows 10 within a year.

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected