Azure Government Engineering recently announced the initial release of the Azure Blueprint program, a program designed to facilitate the secure and compliant use of Azure for government agencies and third-party providers building on behalf of the government.
Based on Microsoft’s meticulous internal security protections and processes, Azure Government has been granted a JAB Provisional Authority to Operate (P-ATO), allowing customers to lessen the burden of security responsibilities in a cloud-based system. Azure Government allows customers to focus on implementations specific to their IaaS, PaaS, or SaaS by integrating the security control implementations built in Azure Blueprint.
Azure explains how this news will impact government associated parties by offering control of their stack from top to toe:
“One of the greatest challenges we see when working with Agency customers on their ATO efforts is understanding the scope of what can be inherited from Azure Government. Responsibility for each security control must be defined to ensure that controls are properly implemented through the entire stack. Without these responsibilities defined, ISSOs face a daunting task of determining how security controls must be implemented in a cloud environment. This challenge is the focus of Azure Blueprint Phase 1.”
This initial BluePrint release will assist Azure customers with documenting their security control implementations as part of their individual agency Authorization to Operate (ATO) processes.
A recent Microsoft server management blog explained how The FedRAMP Moderate SSP and Customer Responsibility Matrix (CRM), and System Security Plan (SSP) template are designed for use by Program Managers, Information System Security Officers, and other security personnel who are documenting system-specific security controls within Azure Cloud. This tool explicitly lists all control requirements that include a customer implementation requirement.
“The FedRAMP Moderate SSP Template is customer focused and designed for use in developing a SSP that includes both customer implementations as well as control inheritance from Azure Government. Customer responsibility sections include guidance on how to write a thorough and compliant control response. Azure inheritance sections include information on how the control is implemented by Azure Government on behalf of the customer.”
Download our Free Cloud Computing Platform Buyer’s Guide for a closer look at product key features and capabilities.