Contractors and subcontractors working with the US Department of Defense (DoD) must follow security standards, including the Defense Federal Acquisition Regulation Supplement (DFARS) and the Cybersecurity Maturity Model Certification (CMMC). These standards verify that they have appropriate security processes in place to protect regulated unclassified data.
But from what risks do they need to be protected?
The Most Serious Threat Is Phishing
Working in an insecure email environment exposes contractors and subcontractors to spoofing, the most frequent way hackers acquire data. According to a blog post published by Cyber Defense Magazine, around 43% of cyberattacks hit small and mid-sized enterprises, especially DoD contractors. Ninety-one percent of those attacks were carried out with the help of a phishing email.
As a result, DoD vendors are turning to the cloud to strengthen their defenses against phishing. Managed IT services for government contractors and Microsoft Government Community Cloud (GCC) High are here to help.
What Is Microsoft GCC High?
GCC High is a cloud platform that complies with NIST 800-171, the International Traffic in Arms Regulations (ITAR), and the stringent cybersecurity standards of the Federal Risk and Authorization Management Program (FedRAMP). GCC High is a clone of Microsoft DoD, except the former may run in its own independent environment.
Besides the compliance manager and calling plans, GCC High has all of the features included in the commercial version. Furthermore, some technologies, notably Cloud App Security, Microsoft Defender ATP, and Intune, are missing critical features due to compliance issues.
Who Can Use GCC High?
GCC High is only available to DoD and Defense Industrial Base (DIB) vendors and federal agencies. Companies interested in using GCC High services must first pass Microsoft’s certification procedure.
How Do You Get GCC High Validation?
If your firm already has a Microsoft 365 Commercial subscription and wants to upgrade to GCC High, you’ll need to complete the steps below:
- Obtaining Validation: To be validated as a Category 3 entity, you must contact Microsoft and request validation.
- Providing Relevant Documents: You should provide a support letter or a signed contract as proof of qualification.
- Requesting a GCC High License: You’ll need to work with an AOS-G partner to do this. A managed IT services provider is an AOS-G associate from whom you may acquire a Microsoft 365 license directly.
The list of CMMC DoD regulatory requirements does not cover GCC High. Although GCC High is the only edition of Microsoft 365 that meets the DFARS 7012 documentation standards, you don’t need it to receive a CMMC DoD certificate for CMMC levels 1 and 2. However, there is a condition in the contract for DFARS 7012 if your firm wants to become accredited at level 3 or higher. Microsoft GCC High is the only reporting platform inside Microsoft 365 and Office 365 that satisfies the DFARS 7012 standards. As a result, if your firm wants to get level 3 certification and uses Office 365 or Microsoft 365, you’ll need GCC High to be compliant.