Compliance in Azure Cosmos DB

Azure Cosmos DB is available in all Azure regions. Microsoft makes five distinct Azure cloud environments available to customers:

  • Azure public cloud, which is available globally.

  • Azure China 21Vianet is available through a unique partnership between Microsoft and 21Vianet, one of the country's largest internet providers.

  • Azure Germany provides services under a data trustee model, which ensures that customer data remains in Germany under the control of T-Systems International GmbH, a subsidiary of Deutsche Telekom, acting as the German data trustee.

  • Azure Government is available in four regions in the United States to US government agencies and their partners.

  • Azure Government for Department of Defense (DoD) is available in two regions in the United States to the US Department of Defense.

To help customers meet their own compliance obligations across regulated industries and markets worldwide, Azure maintains the largest compliance portfolio in the industry in terms of both breadth (total number of offerings) and depth (number of customer-facing services in assessment scope). Azure compliance offerings are grouped into four segments - globally applicable, US Government, industry specific, and region or country/region specific. Compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.

Azure Cosmos DB certifications

Azure Cosmos DB is continually expanding its certification coverage. Currently, Azure Cosmos DB is certified with the following certificates:

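| Globally applicable    | US Government             | Industry specific | Region or country specific |
|------------------------|---------------------------|-------------------|----------------------------|
| CSA STAR Certification | DoD SRG Level 2           | HIPAA BAA         | Australia IRAP             |
| CSA STAR Attestation   | FedRAMP Moderate          | HITRUST           | Germany C5                 |
| ISO 20000-1:2011       | GxP (FDA 21 CFR Part 11)  | PCI DSS           | Singapore MTCS Level 3     |
| ISO 22301:2012         |                           |                   | Spain ENS High             |
| ISO 27001:2013         |                           |                   |                            |
| ISO 27017:2015         |                           |                   |                            |
| ISO 27018:2014         |                           |                   |                            |
| ISO 9001:2015          |                           |                   |                            |
| SOC 1, 2, 3            |                           |                   |                            |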

To learn more about each of these compliance offerings and how they benefit you, see the Overview of Microsoft Azure compliance page.

The following table lists the certifications supported by Azure Cosmos DB in Azure Government:

| Globally applicable    | US Government    | Industry specific |
|------------------------|------------------|-------------------|
| CSA STAR Certification | CJIS             | HIPAA BAA         |
| CSA STAR Attestation   | DoD SRG Level 2  | HITRUST           |
| ISO 20000-1:2011       | DoD SRG Level 4  | PCI DSS           |
| ISO 9001:2012          | DoD SRG Level 5  |                   |
| ISO 27001:2013         | FedRAMP High     |                   |
| ISO 9001:2015          | IRS 1075         |                   |
| ISO 27017:2014         | NIST CSF         |                   |
| ISO 27018:2015         | NIST SP 800-171  |                   |
| SOC 1, 2, 3            |                  |                   |

Next steps

To learn more about Azure compliance certifications, see the following articles: