Tech

Microsoft cloud on the cusp of high-impact provisional ATO

Azure Government may receive the new FedRAMP accreditation within the month, Microsoft said.

March 15, 2016

Azure Government, Microsoft’s federal cloud services platform, announced it is on the cusp of receiving the Federal Risk and Authorization Management Program’s high-impact provisional authority to operate — a new accreditation that would allow it to store highly sensitive government data in the cloud.

If it succeeds, Azure would be one of the first cloud providers to receive a FedRAMP high-impact P-ATO. To date, Azure and other cloud providers, like Amazon Web Services, have achieved only a “moderate impact” certification, limiting the sensitivity of data they can store in their cloud services.

FedRAMP first released its high-impact baseline for cloud security to the public in January. In a blog post, Microsoft Cloud Security Director Matt Rathbun said Azure Government participated in a FedRAMP pilot to help test out the benchmarks cloud providers must reach to store the highest tiers of secured data. After completing the pilot, Azure Government submitted for a high-impact P-ATO.

Rathbun said that FedRAMP could sign off on the P-ATO certification within a month.

“The creation of the FedRAMP High Security Baseline is essential in allowing agencies to migrate more high-impact level data to the cloud,” Matt Goodrich, director for FedRAMP’s Program Management Office at the General Services Administration, said in the post. “Selecting Microsoft Azure Government to participate in FedRAMP’s High Impact baseline pilot and its forthcoming Provisional Authority to Operate (P-ATO) from the FedRAMP JAB are testaments to Microsoft’s ability to meet the government’s rigorous security requirements.”

Microsoft also announced that Azure finalized a security assessment report that will qualify it for Defense Information Systems Agency Impact Level 4 authorization, allowing it to handle Department of Defense data marked as “for official use only,” “law enforcement sensitive” or “sensitive security information.”

In a bid to achieve DISA Level 5 authorization — the second highest level — Microsoft will also establish two new physically isolated regions, designated U.S. DOD East and U.S. DOD West, catered specifically to the Defense Department’s stringent security standards. It is projected to be operational by 2017.

Microsoft cloud on the cusp of high-impact provisional ATO

More Like This

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Cybersecurity executive order requirements are nearly complete, GAO says

Oracle approved to handle government secret-level data

Top Stories

DOJ seeks public input on AI use in criminal justice system

GSA taps TTS deputy director to take top Login.gov role next month

Scientists must be empowered — not replaced — by AI, report to White House argues

404 page: the error sites of federal agencies

White House hopeful ‘more maturity’ of data collection will improve AI inventories

Generative AI could raise questions for federal records laws

More Scoops

Salesforce launches ‘Einstein 1’ generative AI tool for government

How cloud modernization transformed OPM cybersecurity operations

Microsoft makes Azure OpenAI service available in government cloud platform

Reimagining tech modernization for the future in government

OMB extends comment period for new FedRAMP guidance

Microsoft rolls out generative AI roadmap for government services

With draft guidance, OMB kickstarts effort to modernize FedRAMP for ‘today’s cloud challenges’

Latest Podcasts

Microsoft cloud on the cusp of high-impact provisional ATO

Scientists Must Be Empowered, Not Replaced by AI

Leveraging modern access management to achieve zero trust

The role of the federal chief AI officer

Tech

Defense

Cyber

Acquisition