Compliance in Azure Cosmos DB
Azure Cosmos DB is available in all Azure regions. Microsoft makes five distinct Azure cloud environments available to customers:
Azure public cloud, which is available globally.
Azure China 21Vianet is available through a unique partnership between Microsoft and 21Vianet, one of the country’s largest internet providers.
Azure Germany provides services under a data trustee model, which ensures that customer data remains in Germany under the control of T-Systems International GmbH, a subsidiary of Deutsche Telecom, acting as the German data trustee.
Azure Government is available in four regions in the United States to US government agencies and their partners.
Azure Government for Department of Defense(DoD) is available in two regions in the United States to the US Department of Defense.
To help customers meet their own compliance obligations across regulated industries and markets worldwide, Azure maintains the largest compliance portfolio in the industry in terms of both breadth (total number of offerings) and depth (number of customer-facing services in assessment scope). Azure compliance offerings are grouped into four segments - globally applicable, US Government, industry specific, and region or country/region specific. Compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.
Azure Cosmos DB certifications
Azure Cosmos DB is continually expanding its certification coverage. Currently, Azure Cosmos DB is certified with the following certificates:
|Globally applicable||US Government||Industry specific||Region or country specific|
|CSA STAR Certification||DoD SRG Level 2||HIPAA BAA||Australia IRAP Unclassified|
|CSA STAR Attestation||FedRAMP Moderate||HITRUST||Germany C5|
|ISO 20000-1:2011||GxP (FDA 21 CFR Part 11)||PCI DSS||Singapore MTCS Level 3|
|ISO 22301:2012||Spain ENS High|
|SOC 1, 2, 3|
To learn more about each of these compliance offerings and how they benefit you, see Overview of Microsoft Azure compliance page.
The following table lists the certifications supported by Azure Cosmos DB in Azure Government:
|Globally applicable||US Government||Industry specific|
|CSA STAR Certification||CJIS||HIPAA BAA|
|CSA STAR Attestation||DoD SRG Level 2||HITRUST|
|ISO 20000-1:2011||DoD SRG Level 4||PCI DSS|
|ISO 9001:2012||DoD SRG Level 5|
|ISO 27001:2013||FedRAMP High|
|ISO 9001:2015||IRS 1075|
|ISO 27017:2014||NIST CSF|
|ISO 27018:2015||NIST SP 800-171|
|SOC 1, 2, 3|
To learn more about Azure compliance certifications, see the following articles:
To find out the latest compliance certifications for Azure Cosmos DB, see the Overview of Azure compliance.
For an overview of Azure Cosmos DB security and the latest improvements, see Azure Cosmos DB database security article.
For more information about Microsoft certifications, see the Azure Trust Center.