Azure Government Secret expands DoD IL6 services, receives highest level information categorization

Brian Eshenbrenner

In our previous blog post, we shared that Azure Government Secret achieved Provisional Authorization (PA) at Department of Defense (DoD) Impact Level 6 (IL6) in addition to Intelligence Community Directive (ICD) 503 Authorization to Operate (ATO) with facilities accredited at ICD 705. Today, we’re announcing that Azure Government Secret DoD IL6 PA was expanded to include more than 60 cloud services in authorization scope and highest level information categorization as High Confidentiality, High Integrity, and Customer-determined Availability (H-H-x). Azure Government Secret is the first and only classified cloud service offering to receive the highest possible DoD IL6 PA at the H-H-x information categorization.

Image H H x blog image 1

Developed using the same principles and architecture as Azure commercial, Azure Government Secret enables fast access to sensitive, mission-critical information while maintaining the security and integrity of classified workloads. It’s available from three accredited regions located over 500 miles apart to support demanding business continuity and disaster recovery requirements. Azure Government Secret operates on secure, native connections to classified networks with options for ExpressRoute and ExpressRoute Direct for private, resilient, high-bandwidth connectivity.

More than 60 cloud services in DoD IL6 PA scope

Azure Government Secret provides a broad range of commercial cloud innovation for classified workloads. You can provision IaaS, PaaS, and SaaS services across many service categories, including analytics, hybrid, identity, management, security, virtual desktop infrastructure, and others. For more information about cloud services in IL6 provisional authorization scope, see Cloud services compliance scope.

About H-H-x information categorization

Section 5.1.1 DoD use of FedRAMP Security Controls of the DoD Cloud Computing Security Requirements Guide (SRG) states that a FedRAMP High provisional authorization, supplemented with DoD FedRAMP+ controls and control enhancements (C/CEs) and requirements in the SRG, are used to assess cloud service offerings toward awarding a DoD IL6 PA.

The Committee on National Security Systems Instruction No. 1253 (CNSSI 1253), Security Categorization and Control Selection for National Security Systems, provides all federal government departments, agencies, bureaus, and offices with a guidance for security categorization of National Security Systems (NSS). CNSSI 1253 builds on the National Institute of Standards and Technology (NIST) SP 800-53, which provides the FedRAMP control baselines.

However, there are some key differences between CNSSI 1253 and NIST SP 800-53, including the approach adopted by CNSSI 1253 to define explicitly the associations of Confidentiality, Integrity, and Availability to security controls, and to refine the use of security control overlays for the national security community. NSS are categorized using separate Low, Medium, and High categorization for each of the security objectives – Confidentiality, Integrity, and Availability. This approach results in categorizations such as “Moderate-Moderate-Low,” “Moderate-Moderate-High,” and so on. CNSSI 1253 then provides the appropriate security baselines for each of the possible system categorizations using controls from NIST SP 800-53.

Azure Government Secret is the first and only classified cloud service offering to have received the highest possible DoD IL6 PA at the High Confidentiality, High Integrity, and Customer-determined Availability (H-H-x) information categorization.

Learn more

To learn more about Azure Government Secret, visit Azure Government for national security. To learn more about how Microsoft helps you meet your compliance obligations, see Azure compliance documentation.





Discussion is closed.

Feedback usabilla icon