Azure Government Articles

FedRAMP Weekly Tips – July 13 2017

This week, FedRAMP published a weekly tip that discusses requirements for vulnerability scanning: Q: What are the FedRAMP requirements for vulnerability scanning? A: Vulnerability scanning must occur for Operating System (OS)/ infrastructure, databases, and web application components in the Cloud Service offering authorization boundary. The scanning parameters for the components must be defined in the Security...

FedRAMP Weekly Tips – July 6 2017

This week, FedRAMP published a weekly tip that discusses email notifications and background checks on staff members. TIP: When submitting a RAR or an authorization package, be sure to send an email notification to info@fedramp.gov. Cloud Service Providers (CSPs), Partnering Agencies, and/or Third Party Assessment Organizations (3PAOs) must send an email notification to info@fedramp.gov to let...

FedRAMP Weekly Tips – June 29 2017

This week, FedRAMP published a weekly tip that discusses POA&Ms and testing evidence timeliness. Q: What purpose does the Plan of Action & Milestones (POA&M) document serve? A: The purpose of the POA&M is to facilitate a disciplined and structured approach to mitigating risks in accordance with the CSP’s risk mitigation strategy. The POA&Ms include...

FedRAMP Weekly Tips – June 22 2017

This week, FedRAMP published a weekly tip that discusses CSP transfers of ownership and ISSO assignments for a JAB P-ATO: Q: Is there an established process for what is supposed to occur when ownership of an authorized service transfers from one Cloud Service Provider (CSP) to another? A: If there were NO changes to the...

FedRAMP Weekly Tips – June 15 2017

This week, FedRAMP published a weekly tip that addresses Incident Response Plans and Security Assessment Reports: Q: Does FedRAMP provide a template for an Incident Response Plan? A: Security Control IR-8 requires CSPs to develop an Incident Response Plan (IRP). The IRP is a required document within security authorization packages. FedRAMP does not provide a...

FedRAMP Weekly Tips – June 8 2017

This week, FedRAMP published a weekly tip that addresses applying for an Agency High Baseline Authorization and an RAR Federal Mandate that is often overlooked: Q: What are some frequently asked questions for CSPs who currently hold an Agency Authorization to Operate (ATO) at the Moderate level, but wish to apply for an Agency High...

FedRAMP Weekly Tips – June 1 2017

This week, FedRAMP published a weekly tip that addresses common mistakes made by Cloud Service Providers (CSPs). Q: What are some common mistakes that arise when addressing Control Implementation statements? A: There are several mistakes that CSPs encounter when drafting their Control Implementation statements. Some of those include: Customer Responsibility The customer specific responsibility should...

Azure Government Chatbot Reduces Email By 50%

Microsoft Azure Government is really pioneering some exciting technology right now! Earlier this week, Microsoft and the City of Los Angeles unveiled CHIP, a chatbot whose name stands for “City Hall Internet Personality”. CHIP runs in the Azure Government cloud.  It resides on Los Angeles’s Business Assistance Virtual Network (BAVN), and was created by two city...