Azure Blueprint released to help design secure Azure Government solutions

Kareem Anderson

Azure for Government is has been receiving a significant amount of attention lately as Microsoft transitions its cloud services from being a behind the scene project to becoming the company’s vanguard.

Recently, Azure for Government scored a provisional accreditation certification grant from The Ministry of Electronics and Information Technology (MeitY) in India giving the service a possible leg up as a serious cloud-based option for large businesses, schools, and government usage in the area.

In addition to its security and compliance standards, Microsoft is also looking to make Azure the go-to option for personal customization and flexibility among customers.

According to Nate Johnson of the Azure team, “architecting secure solutions just got easier!” when using Azure for Government.

Thanks to the release of the Azure Blueprint program, customers can now enable Azure to facilitate a secure and standards compliant relationship between the cloud services use with government agencies and third party providers contracted by those same agencies.

Azure Government has been granted a JAB Provisional Authority to Operate (P-ATO) based on Microsoft internal security protections and processes. Customers can leverage this P-ATO to reduce the scope of security responsibilities in a cloud-based system. Inheriting security control implementations from Azure Government allows customers to focus on implementations specific to their IaaS, PaaS, or SaaS environments built in Azure.

The initial release includes documentation to assist Azure customers with documenting their security control implementations as part of their individual agency ATO processes. The FedRAMP Moderate baseline Customer Responsibility Matrix (CRM) and System Security Plan (SSP) template are designed for use by Program Managers, Information System Security Officers (ISSO), and other security personnel who are documenting system-specific security controls within Azure Cloud.”

Through the use of FedRAMP Moderat SSP Templates, customers can design specific guidelines on writing thorough and compliant control responses as well as facilitate a two-way communication about security controls between Azure Government customers and their 3rd party contractors.

To learn more about the new Azure Blueprint program we encourage a visit to the Azure Government Cloud Blog to see all the comings and goings of FedRAMP, DISA Impact Level 4, System Security Plan (SSP) and Customer Responsibility Matrix (CRM).