Azure Blueprint helps DoD Mission Owners accelerate compliance with L5 security controls
Azure Government Engineering is pleased to announce the release of Azure Blueprint for the DoD Information Impact Level 5 baseline.
Azure Blueprint provides DoD customers with a simplified method to understand the scope of their security responsibilities when architecting solutions in Azure, streamlining the path to attain a mission-level Authority to Operate (ATO). This release includes a DoD L5 Customer Responsibility Matrix and System Security Plan template designed for use by DoD Mission Owners, Authorizing Officials, and other security personnel who are implementing and documenting mission-level system security controls within Azure.
Accelerate security control implementation using the DoD L5 Customer Responsibility Matrix to understand which L5 control requirements include a customer implementation requirement. The Customer Responsibility Matrix documents controls with a shared responsibility between Azure and Azure customers, as well as controls that must be fully implemented by Azure customers.
The customer-focused DoD L5 System Security Plan template is designed for use in developing a mission-level SSP that includes both customer implementations as well as control inheritance from Azure Government. Azure inheritance sections include pre-populated information about how security controls are implemented by Azure Government on behalf of the customer, and customer responsibility sections include guidance on how to write thorough and compliant control responses.
As announced on January 13, Azure Government has been granted an Information Impact Level 5 DoD provisional authorization by the Defense Information Systems Agency. This provisional authorization allows all U.S. Department of Defense (DoD) customers to leverage Azure Government for the most sensitive controlled unclassified information (CUI), including CUI of National Security Systems.
With this release, Azure Blueprint is available for the DoD L4 and L5 baselines and FedRAMP Moderate and High baselines – supporting all customers across government.
Additional information and Blueprint resources are available on the Azure Government Documentation site.
For any questions and to access to these documents, please e-mail AzureBlueprint@microsoft.com.
We welcome your comments and suggestions to help us continually improve your Azure Government experience. To stay up to date on all things Azure Government, be sure to subscribe to our RSS feed and to receive emails, click “Subscribe by Email!” on the Azure Government Blog. To experience the power of Azure Government for your organization, sign up for an Azure Government Trial.