Compliance on Azure Government

  • 10 minutes

When selecting a cloud provider to host your solutions, it's important to understand how that provider can help you comply with stringent regulations and standards from the following perspectives. Here are some questions to ask of a provider.

  • How compliant is the cloud provider when it comes to handling sensitive data?
  • How compliant are the services offered by the cloud provider?
  • How can I deploy my own cloud-based solutions to scenarios that have accreditation or compliance requirements?

Let's examine these questions in relation to Azure Government.

How compliant is the cloud provider when it comes to handling sensitive data?

Microsoft Azure is the most trusted and compliant cloud. It offers the most comprehensive set of compliance offerings of any cloud service provider.

Compliance overview

Broadest compliance: The most certifications of any cloud provider to simplify government compliance requirements.

Level 5 DoD approved: 8 announced datacenter regions including 2 dedicated regions for US DoD Impact Level5 workloads, and coming soon, 2 classified Secret regions.

FedRAMP High and DISA L4 and L5 (DoD regions): 45 services are included in our FedRAMP High compliance scope (with Wave 7 approval), and 42 in DoD SRG Level 4 scope including Express Route.

Department of Defense: First cloud to be awarded an Information Impact Level 5 DoD provision Authorization by the Defense Information Systems Agency

CJIS states: 70% of US population covered

How compliant are the services offered by the cloud provider?

The following table is an illustration of the Azure Government Services and their FedRAMP Moderate, FedRAMP High, and CJIS compliance.

Overview of Azure Government compliance depth in terms of services offered.

How can I deploy my own cloud-based solutions to scenarios that have accreditation or compliance requirements?

Microsoft Azure Blueprint provides a fast track to certification and compliance. This five-step process streamlines paperwork through templates and tools, allowing security professionals to focus on security – not paperwork.

Certification and compliance can be costly in terms of both dollars and time. Microsoft is developing the Azure Blueprint program to reduce these costs to our customers who build on top of Azure's architecture. Azure Blueprint offers support in the following areas.

  • Architecture: Transparency that allows our customers to build secure and compliant applications.
  • Deployment: Automation that speeds the process of deploying secure and compliant applications on Azure.
  • Certification: Pre-built and pre-approved compliance documentation that dramatically reduces the cost/time of certification.
  • Expertise: Deep Azure experts are available for consulting with customers who don't have in-house compliance organizations
  • Partnership: The Cloud Health & Security Engineering team is available to assist customers in meetings with regulators and achieving authorization to operate (ATO).

To learn more about the Azure Blueprint program, see the official Security and Compliance Blueprints on Azure documentation