question

StevenNetsch-3116 avatar image
0 Votes"
StevenNetsch-3116 asked KateChristner-2256 commented

Azure FedRAMP compliance

My company recently became a federal government contractor and all of our systems are deployed on Azure. Government agencies are asking about our FedRAMP compliance. I've seen that Azure commercial has FedRAMP high compliance available and Azure Government does as well.

For our Azure deployed apps, are we automatically FedRAMP compliant? If not, do we need to be on Azure Government? Is the pricing the same on Azure Government? Any help would be appreciated. -Steven

azure-security-center
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered KateChristner-2256 commented

@StevenNetsch-3116 Thanks for reaching out.

Azure commercial and Azure Govt, both are FedRAMP compliant and you do not have to on Azure Govt Cloud for this.
Check more about each service status within Azure Commercial/Public which is FedRAMP compliant :

https://docs.microsoft.com/en-us/azure/azure-government/compliance/azure-services-in-fedramp-auditscope#azure-public-services-by-audit-scope






Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Vipulsparch,

So for clarity... I can tell public sector employers that all of our systems are FedRAMP compliant on Azure?

If so, is there any documentation I can point to? Is it FedRAMP high compliance?

Any details would be helpful.

-Steven

0 Votes 0 ·

So, to be sure I understand, if we are hosting clients using Azure (public/commercial/global), we are already FedRAMP High compliant? Nothing else needs to be done? How do we prove this to our client?
Also, if we've got clients in Arizona and Virginia, do we need to purchase Azure Government?

0 Votes 0 ·