MICROSOFT 365 GCC HIGH LICENSING

Microsoft Cloud Services Tailored for Government Customers

Microsoft 365 GCC High Licensing Available for Under 500 Licenses

Dox is among the first to offer GCC High licenses through Microsoft's new program - get your quote today.
INQUIRE TODAY
Microsoft is now permitting small and medium-sized businesses to purchase Microsoft 365 GCC High licensing.

To meet the unique and evolving requirements of the United States Department of Defense (DoD) contractors holding or processing DoD Controlled Unclassified Information (CUI) or subject to International Traffic in Arms Regulations (ITAR), Microsoft offers the Microsoft 365 U.S. Government Community Cloud (GCC) High environment.

Dox, a Microsoft Gold Partner, is a certified Microsoft Reseller for Microsoft 365 GCC High licensing for companies of fewer than 500 licenses. Microsoft had previously required companies to sign an Enterprise Agreement (EA) of 500 or more licenses to access the Microsoft 365 GCC High environment, but under the updated program, Dox can provide access to Microsoft 365 GCC High to smaller companies without that 500 license commitment.

Many are confused about which cloud is right for them. For those of you who have a government contract through the DoD or for those businesses that fall under DFARS or ITAR requirements, you must be on GCC High in order to be in compliance with and achieve and maintain regulatory compliance. DFARS requires your cloud environment to be FedRAMP compliant and Microsoft is not able to supply several requirements under the FedRAMP controls for the regular public Office 365 offering. Microsoft only certifies DFARS compliance on the GCC High environment.

Information sourced from Microsoft on May 1, 2023. Please click here to view the latest on Microsoft's website.


  Microsoft 365
"Commercial"
Microsoft 365
US Government (GCC)
Microsoft 365
Government (GCC High)
Microsoft 365
Government (DoD)
Customer Eligibility Any Customer Federal, SLG, Tribes, Eligible Contractors
(DIB, FFRDC, UARC)
Federal, Eligible Contractors
(DIB, DDRDC, UARC)
DoD Only
Datacenter Location US & OCONUS CONUS Only CONUS Only CONUS Only
FedRAMP 1 High High High High
DFARS 252.204.7012 No Yes Yes Yes
FCI + CMMC L1 Yes Yes Yes Yes
CUI / CDI + CMMC L2-3 No Yes^ Yes Yes
ITAR / EAR No No Yes Yes
DoD CC SRG Level 2 N/A IL2 IL4 IL5
NIST SP 800-53 / 171 3 Yes Yes Yes Yes
CJIS Agreement No State Federal No
NERC / FERC No Yes^ Yes Yes
Customer Support Worldwide / Commercial Personnel US-Based / Restricted Personnel
Directory / Network Azure "Commercial" Azure Government
      US Sovereign Cloud

1 Equivalency, Supports accreditation at noted impact level
2 Equivalency, PA issued for DoD only
3 Organizational Defined Values (ODV's) will vary
^ CUI Specified (e.g., ITAR, Nuclear, etc.) not suitable REQS US Sovereignty

Microsoft 365 Government Community Cloud (GCC)

Scope in GCC

  • GCC is a data enclave in commercial. Ultimately it is a segregated environment but still resides in Azure commercial.
  • Shared services may have data processing Outside the Continental United States (OCONUS) and leverage a global follow-the-sun support model.
  • Commercial was not built for the regulations and standards that govern CUI.

Controlled Unclassified Information – “Maybe” in GCC

  • CUI categories to include Defense, Export Control, Nuclear, etc., undoubtedly require the U.S. Sovereign cloud and are not appropriate for storage within GCC.
  • Ultimately, customers are responsible for ensuring that they review the relevant regulations and Microsoft's offering prior to determining which Microsoft Government Cloud Service is the best fit to support their obligations for CUI.

DFARS Yes, but No Flow-Downs in GCC

  • You will not get a contractual agreement from Microsoft to support DFARS in GCC, nor to demonstrate DFARS compliance with your customers, vendors, and partners. The primary gap includes the scope of services that fall outside the covered workloads for GCC.

Microsoft 365 Government (GCC High)

ITAR in GCC High

  • GCC High was built for export controls in the U.S. to include ITAR and Export Administration Regulations (EAR). NOTE: It is extremely unwise to move forward with Commercial or GCC if you have export controls.

NIST 800-171 and DFARS in GCC High

GCC High complies with DFARS clause 252.204-7012 sub-paragraphs (c)-(g), except as follows:
  • (c) Cyber incident reporting requirement. Microsoft will report security incidents to the Customer in accordance with incident response processes and definitions detailed in the DoD CC SRG accreditation requirements. The customer will be responsible for reporting the incident to the DoD, if required.
  • (e) Media preservation and protection. Microsoft shall preserve and protect all relevant forensic data of known affected information systems in support of an incident. Any relevant monitoring/packet capture data must be gathered and retained by the customer.
  • (f) Access to additional information or equipment necessary for forensic analysis. Upon request by the customer, Microsoft will provide appropriate additional access to any relevant forensic information.

FedRAMP High in GCC High

  • You can demonstrate compliance with FedRAMP High in GCC High and in Azure Government. High-Impact level is not a requirement for DFARS compliance, but FedRAMP Moderate is required for DFARS.

Benefits of Purchasing Microsoft 365 GCC High Through Dox:

  • Access to Microsoft 365 GCC High to enable compliance with DFARS 7012 and NIST 800-171.
  • Industry Leading expertise in the design and implementation of GCC High to meet DFARS 7012 and NIST 800-171.
  • Years of experience with migrating to Microsoft 365 from existing Microsoft 365 tenants, on- premises environments or other Cloud providers.
  • Comprehensive support options once the implementation and migration are complete.
  • Exostar partner with experience bringing subcontractors into compliance with DFARS 7012 and NIST 800-171.
  • Microsoft's trusted thought leader in DFARS/NIST compliance for government contractors.
 
Copyright ©   DoxWeb Design & SEO by Scriptable Solutions