Compliance in Azure Cosmos DB

Azure Cosmos DB is available in all Azure regions. Microsoft makes five distinct Azure cloud environments available to customers:

  • Azure public cloud, which is available globally.

  • Azure China is available through a unique partnership between Microsoft and 21Vianet, one of the country‚Äôs largest internet providers.

  • Azure Germany provides services under a data trustee model, which ensures that customer data remains in Germany under the control of T-Systems International GmbH, a subsidiary of Deutsche Telecom, acting as the German data trustee.

  • Azure Government is available in four regions in the United States to US government agencies and their partners.

  • Azure Government for Department of Defense(DoD) is available in two regions in the United States to the US Department of Defense.

To help customers meet their own compliance obligations across regulated industries and markets worldwide, Azure maintains the largest compliance portfolio in the industry in terms of both breadth (total number of offerings) and depth (number of customer-facing services in assessment scope). Azure compliance offerings are grouped into four segments - globally applicable, US Government, industry specific, and region or country specific. Compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.

Azure Cosmos DB certifications

Azure Cosmos DB is continually expanding its certification coverage. Currently, Azure Cosmos DB is certified with the following certificates:

Globally applicable US Government Industry specific Region or country specific
CSA STAR Certification

CSA STAR Attestation

ISO 20000-1:2011

ISO 22301:2012

ISO 27001:2013

ISO 27017:2015

ISO 27018:2014

SOC 1, 2, 3
DoD SRG Level 2

FedRAMP Moderate

GxP (FDA 21 CFR Part 11)

HIPAA BAA

HITRUST

PCI DSS
Australia IRAP Unclassified

Germany C5

Singapore MTCS Level 3

Spain ENS High

To learn more about each of these compliance offerings and how they benefit you, see Overview of Microsoft Azure compliance page.

The following table lists the certifications supported by Azure Cosmos DB in Azure Government:

Globally applicable US Government Industry specific Region or country specific
CSA STAR Certification

CSA STAR Attestation

ISO 20000-1:2011

ISO 9001:2015

ISO 27001:2013

ISO 27017:2015

ISO 27018:2014

SOC 1, 2, 3
DoD SRG Level 2

DoD SRG Level 5

CJIS

FedRAMP High

IRS 1075

NIST CSF

NIST SP 800-171
HIPAA BAA

HITRUST

PCI DSS
Australia IRAP Unclassified

Germany C5

Singapore MTCS Level 3

Spain ENS High

Next steps

To learn more about Azure compliance certifications, see the following articles: