HUNTSVILLE, Ala., Jan. 14, 2021 /PRNewswire/ -- Microsoft announced last week it is now permitting Defense Industrial Base (DIB) suppliers to submit other forms of evidence for accessing its US-sovereign cloud environments, namely Microsoft Government Community Cloud High (GCC High). The leading cloud provider created its Microsoft Azure Government and Microsoft 365 GCC High offerings to support, both, federal agencies and their suppliers to hold and process sensitive data types. Previously federal contractors in the DIB were required to show proof from an existing contract or a letter from a Department of Defense (DoD) customer expressing specific cybersecurity requirements. In 2021 defense contractors can now provide Microsoft a valid Commercial and Government Entity (CAGE) code, a five-character ID number used by the GSA, or their company's Data Universal Number Systems (DUNS) number.
Many companies in the DIB have chosen Microsoft 365 GCC High as a proper platform for their users and the Controlled Unclassified Information (CUI) they interact with. However, Scott Edwards - CEO of Summit 7 Systems – explains that "some non-traditional contractors, start-ups, and smaller organizations may not have past performance or current contracts with the DoD or a prime contractor to give them access to GCC High." Microsoft recognized this barrier of entry and elected to add CAGE and DUNS as appropriate justification, especially considering both are prerequisites for any business pursuing contractual work with the DoD. These credentials are provided through a Federal vetting process and often registered around the same time a contractor incorporates and obtains a Tax Identification Number.
DoD has and continues to give significant consideration to the impacts of its ongoing Cybersecurity Maturity Model Certification (CMMC) on the small business community. Similarly, Microsoft is actively developing constructive means to allow businesses of all sizes and maturity levels to access its cloud platforms for digital transformation and meeting CMMC. Edwards adds, "This is most evidenced by the recent changes with licensing and eligibility, as well as the CMMC Acceleration Program." Microsoft launched the CMMC Acceleration Program in late 2020 as an ongoing effort to make cloud security and compliance less challenging with scripted tools and documentation related to meeting CMMC in Microsoft 365 and Azure.
Richard Wakeman, Senior Director of Aerospace & Defense in the Azure Global Team, stated "Katie Arrington of the Office of the Undersecretary of Defense (OUSD) is often quoted stating CMMC is not a checklist or one-time exercise, and organizations must continually mature and adapt to new threats. Microsoft holds a similar viewpoint in that we aim to regularly release new tools and capabilities to enable compliance and combat new threats. In addition to these tools, our team also strives to ensure Microsoft sovereign cloud offerings are accessible for DIB small businesses."
Organizations that previously underwent the eligibility process with Microsoft before 2021 will also benefit from another change. Once a government contractor applied for access to Azure Government or Microsoft 365 GCC High, the organization would eventually receive a notice of their status as a Category 1, 2, or 3 entity. Microsoft 365 GCC High was limited to only businesses with a Category 3 notice, but now all Category 1 and 2 business can purchase licensing from an approved AOS-G vendor or through an enterprise agreement.
Richard Wakeman, Microsoft
Richard Wakeman is the Senior Director of Aerospace & Defense for Azure Global at Microsoft. Mr. Wakeman specializes in the complex requirements of the DIB and adoption of Azure Government, Microsoft 365 GCC High / DoD and Dynamics 365 GCC High through engaging with partners and customers end-to-end. Richard joined Microsoft in 2007 and has worked with hundreds of the most prominent world-wide accounts during that time.
About Summit 7 Systems
Summit 7 Systems is a national leader in cybersecurity and compliance for the Aerospace and Defense industry and corporate enterprises. Summit 7 won the 2020 Microsoft US Partner Award in Security and Compliance for its Microsoft Cloud solutions regarding CMMC, DFARS, NIST 800-171, ITAR, and CUI. Summit 7 Systems is privately held and headquartered in Huntsville, Alabama.
About Microsoft 365 GCC High
Microsoft 365 GCC High is built on Microsoft Azure Government within dedicated US-sovereign data centers. Azure Government is currently certified to FedRAMP High, as well as the entire suite of GCC High services hosted in Azure Government. The platform and its infrastructure are managed by background checked US persons, and Microsoft attests to meet DFARS flowdown clauses and reporting requirements on the platform.