Microsoft Makes Government Cloud Offerings More Accessible to Small Businesses in the DIB
HUNTSVILLE, Ala., Jan. 14, 2021 /PRNewswire/ -- Microsoft announced last week it is now permitting Defense Industrial Base (DIB) suppliers to submit other forms of evidence for accessing its US-sovereign cloud environments, namely Microsoft Government Community Cloud High (GCC High). The leading cloud provider created its Microsoft Azure Government and Microsoft 365 GCC High offerings to support, both, federal agencies and their suppliers to hold and process sensitive data types. Previously federal contractors in the DIB were required to show proof from an existing contract or a letter from a Department of Defense (DoD) customer expressing specific cybersecurity requirements. In 2021 defense contractors can now provide Microsoft a valid Commercial and Government Entity (CAGE) code, a five-character ID number used by the GSA, or their company's Data Universal Number Systems (DUNS) number.
Many companies in the DIB have chosen Microsoft 365 GCC High as a proper platform for their users and the Controlled Unclassified Information (CUI) they interact with. However, Scott Edwards - CEO of Summit 7 Systems – explains that "some non-traditional contractors, start-ups, and smaller organizations may not have past performance or current contracts with the DoD or a prime contractor to give them access to GCC High." Microsoft recognized this barrier of entry and elected to add CAGE and DUNS as appropriate justification, especially considering both are prerequisites for any business pursuing contractual work with the DoD. These credentials are provided through a Federal vetting process and often registered around the same time a contractor incorporates and obtains a Tax Identification Number.
DoD has and continues to give significant considertion to the impacts of its ongoing Cybersecurity Maturity Model Certification (CMMC) on the small business community. Similarly, Microsoft is actively developing constructive means to allow businesses of all sizes and maturity levels to access its cloud platforms for digital transformation and meeting CMMC. Edwards adds, "This is most evidenced by the recent changes with licensing and eligibility, as well as the CMMC Acceleration Program." Microsoft launched the CMMC Acceleration Program in late 2020 as an ongoing effort to make cloud security and compliance less challenging with scripted tools and documentation related to meeting CMMC in Microsoft 365 and Azure.
Richard Wakeman, Senior Director of Aerospace & Defense in the Azure Global Team, stated "Katie Arrington of the Office of the Undersecretary of Defense (OUSD) is often quoted stating CMMC is not a checklist or one-time exercise, and organizations must continually mature and adapt to new threats. Microsoft holds a similar viewpoint in that we aim to regularly release new tools and capabilities to enable compliance and combat new threats. In addition to these tools, our team also strives to ensure Microsoft sovereign cloud offerings are accessible for DIB small businesses."
Organizations that previously underwent the eligibility process with Microsoft before 2021 will also benefit from another change. Once a government contractor applied for access to Azure Government or Microsoft 365 GCC High, the organization would eventually receive a notice of their status as a Category 1, 2, or 3 entity. Microsoft 365 GCC High was limited to only businesses with a Category 3 notice, but now all Category 1 and 2 business can purchase licensing from an approved AOS-G vendor or through an enterprise agreement.
Richard Wakeman, Microsoft
About Summit 7 Systems
About Microsoft 365 GCC High
SOURCE Summit 7 Systems
Privacy for IoT
Competitive Advantages of Edge Analytics