Microsoft is a leader in FedRAMP certified services–as of September 2017, Microsoft offers 12 services in Azure (the commercial version) that are FedRAMP-certified at the Moderate Impact Level, and 32 services in Azure Government that are FedRAMP-certified at the High Impact Level.
Additionally, Azure and Azure Government have both earned P-ATOs from the FedRAMP Joint Authorization Board (JAB).
In summary, this article describes the following:
– 32 Azure Government services that are FedRAMP certified
– Azure and Azure Government P-ATOs
Want to learn more about Azure FedRAMP Compliance?
Click here to visit our Azure FedRAMP Compliance page.
FedRAMP-Certified Services in Azure
The following Azure services are FedRAMP-certified at the Moderate Impact Level:
- Azure Active Directory
- Application Gateway
- Cloud Services
- Key Vault
- Multi-Factor Authentication
- Load Balancer
- SQL Database
- Storage
- Traffic Manager
- Virtual Machines
- Virtual Network
- VPN Gateway
FedRAMP-Certified Services in Azure Government
The following Azure Government services are FedRAMP-certified at the High Impact Level:
- App Service: Web Apps
- Application Gateway
- Automation
- Azure Active Directory (Note: The use of Azure Active Directory within Azure Government requires the use of components that are deployed outside of Azure Government on the Azure public cloud)
- Azure Government Portal
- Azure Resource Manager
- Backup, Batch
- Cloud Services
- Compute Resource Manager
- Event Hubs
- ExpressRoute
- HDInsight
- Key Vault
- Load Balancer
- Log Analytics
- Media Services
- Network Resource Provider
- Notification Hubs
- Redis Cache
- Scheduler
- Service Bus
- Site Recovery
- SQL Data Warehouse
- SQL Database
- Storage
- Storage Resource Provider
- StorSimple
- Traffic Manager
- Virtual Machines
- Virtual Network
- VPN Gateway
Azure & Azure Government P-ATOs
Azure maintains a P-ATO at the Moderate Impact Level. (Azure was the first public cloud with infrastructure and platform services to receive a P-ATO.) The JAB has also granted Azure Government a P-ATO at the High Impact Level, the highest bar for FedRAMP accreditation, which authorizes the use of Azure Government to process highly sensitive data.
Please note that despite Azure and Azure Government being granted P-ATOs, government agencies must still go through the process to obtain an agency-level ATO for Azure and/or Azure Government. A government agency can leverage the Azure/Azure Gov P-ATOs in its own security authorization process, and rely on it as the basis for issuing an agency ATO that also meets FedRAMP requirements.
More Information
For more information about FedRAMP compliance in Azure and Azure Government, please visit the Microsoft Trust Center or the cFocus Software Complete Azure FedRAMP Compliance Guide.
Want to learn more about Azure FedRAMP Compliance?
Click here to visit our Azure FedRAMP Compliance page.