FedRAMP Office 365 Solutions

San Diego Computer Consulting can help your company with your FedRAMP and GCC requirements for DOD, Government, and contracting requirements. Office 365 is approved for FedRAMP requirements. The GCC Office 365 cloud and its varied solutions must be applied for and approved before any on-boarding of the GCC Office 365 solutions. Once approved, San Diego Computer Consulting can help you with the FedRAMP GCC Office 365 cloud set of solutions.

Microsoft Office 365-GCC USA ONLY Tenant

Microsoft Office Government Office 365 plans are virtually the same as the business plans. The GCC Cloud plans solutions are different in that the same solutions that are office by Office 365 are now moved within Microsoft US-based data centers. The data for your company still has the same redundancy throughout a clustered data solution that in spread through regional centers for maximum protection.
The GCC section of Office 365 must be a separate approval and upon acceptance, your Office 365 data must be moved to the new GCC platform. Your email, SharePoint and other solutions MUST be migrated to the new GCC platform. San Diego Computer Consulting can help you with this migration.

Learn More: Migration to GCC Office 365
WhatisGCC
fedramp

FedRAMP Security for Cloud Solutions

FedRAMP is a very important security clearance that allows specific companies that are approved with the Government to have approved cloud services.

Microsoft is approved for a provided cloud solution by FedRAMP.

The cloud solutions provided by Microsoft are specific to FedRAMP and are sectioned off for the Federal Government security requirements.

FedRAMP security is required for DOD Contractors and other civilian contractors that work with or connected to any federal entity. FedRAMP requirements can be stringent.

However, for Office 365, these solutions are already sectioned off and well defined.

FedRAMP US DATA CENTERS ONLY

FedRAMP required that Office 365 solutions are provided at US only data center locations. US only data centers approved for Office 365 cloud solutions are part of the FedRAMP requirements. By controlling the data in the US, the likelihood of tampering is deemed significantly less. Microsoft also has specific security requirements on the servers that host their cloud solutions including the full encryption of all servers that host client data.

We at San Diego Computer Consulting have a large checklist that we review with each of our customers to make sure that no stone goes unturned. Email is so critical today; any type of loss can be detrimental to an organization. We do our very best to make sure mistakes are not made. By being onsite and planning in person we can talk through the migration to make sure the details are not missed.

Summit7_compliance-framework
FedRAMP/GCC Eligibility online form can be found here: FedRAMP Form
microsoft-365-cloud-integration
FedRAMP/GCC Eligibility online form can be found here: FedRAMP Form

Microsoft GCC Environment Compliance

The Microsoft 365 Government – GCC environment provides compliance with US government requirements for cloud services, including FedRAMP Moderate, and requirements for criminal justice and federal tax information systems (CJI and FTI data types).
In addition to enjoying the features and capabilities of Office 365, organizations benefit from the following features that are unique to Microsoft 365 Government – GCC:

-Your organization’s customer content is logically segregated from customer content in the commercial Office 365 services from Microsoft.

-Your organization’s customer content is stored within the United States.

-Access to your organization’s customer content is restricted to screened Microsoft personnel.

-Microsoft 365 Government – GCC complies with certifications and accreditation that are required for US Public Sector customers.

Microsoft GCC Data Center-Office 365 Solutions

The Microsoft 365 Government GCC environment provides compliance with US governments for cloud services including FedRAMP moderate and requirements for criminal justice system and federal tax information systems.

To receive a GCC certificate (certificate of conformity,) an application must be filled out and approved by the US government.

The GCC certificate is a typically required for manufacturers and importers of certain ‘General Use’ products. This certifies their product has been tested and complies with all applicable consumer safety rules, standards and regulations.

The GCC must be issued by the manufacturer if the product is manufactured in the U.S. or the importer if the product is manufactured overseas. Certification is based on results of product testing.

office 365 GCC

GCC High Solutions

FedRAMP GCC HIGH is a standard of how data and email are to be secured and stored.   Microsoft GCC is an Office 365 platform that is based on USA Data Center servers.   Moving to GCC Fedramp is a migration process that moves you from the worldwide Microsoft Office 365 servers to the Microsoft GCC FedRAMP approved USA Servers.   This migration is done through Bit Titan from one Microsoft Tenant to the GCC Tenant.

FEDRAMP GCC HIGH can use another more strict use for Microsoft Office 365.   Those that use the GCC High still have to use 3 party solutions to make the GCC High fully compliant.   We at San Diego Computer Consulting partner with Preveil solutions to provide full GCC High approved solutions that overlay the Microsoft Office 365 cloud solution.   Preveil solutions is the best choice for us because it provides a distinctive layer for Secure Email and Secured files.   This are very separate and easily identifiable in Outlook and File shares.  Preveil uses an encrypted key on each device for its proven security that is 100% compliant

GCC High Solutions by Preveil

San Diego Computer Consulting chooses to use PreVeil for it GCC High solutions.   PreVeil offers the most easy and quick implementation for Office 365 & Gmail.   We can implement the Preveil solution to integrate with your current Email solution to provide a full secure GCC/ NIST SP 800-171 Compliant solution.   The PreVeil suite offers both Secure & Encrypted Email and file solutions.   Their services insure that all devices are secure with the install of a high level encryption key that must be installed on each device using the PreVeil system.   It is this secure, encrypted key that ensures the compliance for GCC High.

Total Compliance

Microsoft Office 365 Commercial Email and One Drive, as well as most Google workspace & Exchange environments do not meet all the necessary DoD requirements for handling CUI.   PreVeil’s encrypted file and email platform is designed to comply with CFARS, NIST, CMMC & ITAR requirements.

Preveil

There are 11 required elements in a GCC which are:

1. Identification of the product
2. A detailed description of the product
3. Citation to each of the consumer product safety regulations the product is certified
4. Separately identify each consumer product safety rule applicable to the product
5. Identify the importer or manufacturer certifying compliance
6. Include name, address, and phone number of importer or manufacturer
7. Contact information for the person maintaining the test results
8. Name(s), address, e-mail, phone number of the person maintaining test records in support of certification
9. Date (at least month and year) and location of where the product was manufactured
10. Date and location when the product was tested for compliance
Location of testing and dates of tests that certification is based on

Click here for the Microsoft GCC, FedRAMP Cloud Solution Plan Options

Have any other questions? Want to learn more? Contact us for complimentary first consultation.

Contact Us