Microsoft and FedRAMP Compliance: Good News for State & Local Governments, Too
Posted July 5, 2017
Microsoft Dynamics 365 U.S. Government was granted a FedRAMP Agency ATO, including FedRAMP High, FedRAMP, Moderate, and FedRAMP Accelerated.
What, exactly does this mean? And why should a state or local government or agency care about federal-level compliance? Let’s start by explaining what FedRAMP is and why compliance is so important.
What is FedRAMP?
FedRAMP (the U.S. Federal Risk and Authorization Management Program), is government-wide, established to provide a standardized approach to assessing, monitoring, and authorizing cloud computing products and services under the Federal Information Security Management Act (FISMA), and to accelerate the adoption of secure cloud solutions by federal agencies.
Any federal agency intending to engage a cloud service provider (CSP) will likely be required to meet FedRAMP specifications. Any company that uses cloud technologies in products or services used by the federal government are required to obtain an Authorization to Operate (ATO) before their applications can be placed in production. In fact, all executive federal agencies are required to use FedRAMP to validate the security of cloud services. State and local government agencies, as well as other public- sector organizations, have followed suit.
As government agencies adopt Cloud computing, taking advantage of its many benefits, FedRAMP compliance ensures that the cloud products or services they use meet standards for safety and reliability.
FedRAMP compliance saves agencies that work with cloud solution providers time, effort, and money– by enabling the re-use of existing security assessments across agencies, improving security, providing a consistent approach to risk management, and improving transparency between the agency and the CSP. By choosing a FedRAMP-compliant CSP, you avoid many of the hoops you otherwise would need to jump through, and you can have confidence in them. If you are a state or local government agency, you likely have an “ATO” process or similar criteria for acceptable application security standards—and in most cases, they are similar to FedRAMP standards. So…if it’s FedRAMP compliant, it will likely meet your standards, too.
Microsoft Azure Government Joins the Ranks
More good news: Azure and Azure Government are also FedRAMP compliant, meeting critical security standards. Azure Government was designed to support government IT initiatives. According to FedRAMP, it is “an open and flexible platform that enables customers to build, deploy, and manage applications across a global network of Microsoft-managed datacenters” and “enables customers to use scalable, on-demand cloud computing services that adhere to and meet federal security compliance regulations in the support of government computing initiatives.”
What It All Means to You
With this accreditation, any U.S. Government organization can extend Microsoft Dynamics 365 to meet the requirements for line-of-business applications—all within a secure cloud environment. They can also integrate with on-premises solutions and support hybrid deployment scenarios.
Federal agencies can choose Dynamics 365 with confidence. Through FedRAMP, these solutions already been thoroughly vetted—so the process of getting a new system up and running will move faster. Agencies such as the Administration for Children & Families are already using Dynamics 365 for case management and administration.
State and local agencies get the same benefits because most of their standards are based on those of FedRAMP. In other words, if you are thinking about adopting Dynamics 365, it’s likely you will not run into roadblocks during the vetting process.
If your government or agency is considering a move to the Cloud, discuss your plans, concerns, and needs with the Cloud experts at AKA Enterprise Solutions. We are a Microsoft Preferred Services Partner for Government and can help you architect and execute a plan that will ensure a smooth transition and a safer place for your citizens.