10 New Tools Available in FedRAMP High

Microsoft has 10 new tools available in FedRAMP High. Giving Microsoft a present total of 67 services within their FedRAMP High Authority-to-Operate (ATO) environments. As government entities and contractors continue to move critical resources to cloud infrastructure in-line with the Cloud First / Cloud Smart Policy, Microsoft has been adding additional capabilities to its already robust line of FedRAMP compliant offerings included within GCC and Azure Government.

Let’s go over these new services, and talk a little about why this is important for CIOs working with government files in a cloud environment.

Understanding Microsoft FedRAMP High ATO

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that standardizes security and compliance procedures for cloud providers. For this reason, FedRAMP certifications — which follow NIST SP 800-53 security controls — help government agencies and contractors select an appropriate cloud environment for their documents.

The governance of FedRAMP is complicated. Currently, many agencies are involved in the overall governance, including:

Joint Authorization Board (JAB)

National Institute for Standards and Technology (NIST)

Department of Homeland Security (DHS)

CIO Council

Office of Management and Budget (OMB)

FedRAMP Program Management Office (PMO)

There are also other agencies that are involved in the overall process, including the Department of Housing and Urban Development (HUD) which granted Microsoft’s FedRAMP Agency ATO at the High Impact Level certification for Dynamics 365 U.S. Government.

For a detailed look at FedRAMP governance, see official FedRAMP policy memo.

Currently, Microsoft has FedRAMP High ATO (or FedRAMP at a high baseline) for Dynamics 365 U.S. Government. While Dynamics U.S. Government is the only Microsoft service that has the High ATO certification, other Microsoft services (e.g., GCC) contain the same FedRAMP controls, making them compliant.

Microsoft was one of the three provisionary cloud services granted FedRAMP High ATO (which includes stricter controls than light and moderate baselines.) The other two are Amazon GovCloud and ARC-P.

FedRAMP High ATO lets contractors and agencies know that Microsoft has the capabilities to handle their sensitive government data while remaining compliant to FedRAMP requirements. So, when Microsoft adds services to FedRAMP High ATO, they are adding additional capabilities to their government cloud solution. Typically, these services have already been thoroughly tested and are fully operational in their non-government cloud environments.

Let’s take a look at these 10 new ones.

10 New FedRAMP High ATO Microsoft Services

1. Azure Security Center

Security Center gives you posture scores for your security environments. So, this service can help you both breed better security controls into your cloud workflows and provide directive on setting up environments that are compliant to specific regulatory requirements (e.g., CIS, ISO, COS, etc.) The Secure Score can help you figure out your weaknesses and give you guidance on what objectives need to be achieved.

2. Azure Advisor

Advisor acts as a one-stop-shop for recommendations within your Azure environment. It may give you insights into ways you could be more cost-effective or resource conservative. Or, it may help you with security and availability. It will also give you accurate timeline information so that you can see how rapidly you can launch these changes. The easiest way to think about Azure is as a personalized assistant that helps you maintain best-practices in your specific environment.

3 – 4. Azure DB for MySQL and Azure DB for PostgreSQL

Both DB for MySQL and DB for PostgreSQL are managed services for MySQL and PostgreSQL through Azure. So, instead of spinning up a VM to run a MySQL or PostgreSQL server on your own, Microsoft handles the management aspect. This gives you more scalability and flexibility. Plus, it saves you some Tylenol for all of those headaches.

5. Azure File Sync

File Sync centralizes your file shares in Azure Files. This is great if you have multiple offices or you’re a large organization with regional offices because you can deploy common files quickly while keeping the same compatibility as your on-premise server. Plus, File Sync lets you specify data syncing at a tiered level — which can help you dump stale data out of your common files.

6. Azure Lab Services

Another really useful service is Lab Services. This lets you create environments rapidly to utilize for a variety of scenarios. Microsoft’s big sell point for Lab Services is classroom labs, which can be a pain to set up for each instance without Lab Services. But, it can also be used to set up testing, staging, or development environments.

7. Azure Migrate

Migrate is a godsend and invaluable when it comes to Azure migration. It assesses your on-premise machines and servers (or hybrid servers/cloud servers) and workflows for cloud migration. It will give you cost estimates, resource estimates, and more. Its availability in Azure government has been requested for quite some time.

8. Azure Policy