Microsoft 365 GCC High: Dedicated Services for the Defense Industrial Base and a Foundation for CMMC 2.0 Compliance
Defense contractors that make up the Defense Industrial Base (DIB) have contractual requirements around DFARS 252.204-7012. These requirements are built around NIST 800-171 and other controls. Microsoft 365 Government Community Cloud (GCC) High supports these additional controls, as well as those that require data sovereignty (i.e. ITAR, NOFORN). This is the only version of Microsoft 365 that meets these flow-down requirements.
Microsoft 365 GCC High for US defense contractors is a complete cloud productivity service that provides security, intelligence, and collaboration capabilities. As a result, defense contractors can leverage GCC High to help protect data, increase efficiencies, and enhance communication. Microsoft’s GCC High offers the highest levels of accreditation and compliance with NIST 800-171, ITAR, and DFARS 252.204-7012 for example. Therefore, your business is able to earn and maintain valuable contracts with the DoD.
What is GCC High?
Microsoft 365 GCC High is a version of Microsoft 365 designed specifically for the DIB. It is built on a foundation of security, privacy, and compliance in the Azure Government Cloud. Therefore, with Microsoft 365 GCC High, contractors can meet the following requirements:
- FedRAMP Moderate (FedRAMP High in process)
- NIST 800-171
- DFARS 252-204.7012 including clauses (c) through (g)
- Complete data, applications, and hardware residency in the United States
- Physical separation within the United States operated by personnel who are US citizens and passed a rigorous background check.
- Attestation to ITAR requirements
More than Just E-mail
Microsoft GCC High enables a compliant platform to support your IT environment, core communications, and collaboration services. Resulting in a secure environment, GCC High will satisfy many of the controls within CMMC 2.0 and become a critical tool in your overall compliance strategy. With GCC High, you can:
- Consolidate core communications, document management and collaboration into a single, compliant platform
- Qualify access to the system with a robust set of conditional access requirements
- Label data in order to control the flow of CUI/CDI
- Ensure Windows 10 and mobile devices are compliant
- Actively hunt threat and anticipate issues
- Connect audit logs into Azure Sentinel for free
Meet CMMC 2.0 With GCC High
Now, the Cybersecurity Maturity Model Certification (CMMC) framework, which builds upon the existing DFARS and NIST frameworks, brings new urgency to adopting GCC High. CMMC 2.0 prescribes three levels of cybersecurity maturity that measure cybersecurity controls and processes to ensure alignment with relevant policies. Most importantly, this certification will eventually determine whether you will be able to continue to work for the DoD.
C3 secures your environment and positions it for CMMC 2.0 with a methodical approach to compliance. To do so, we build upon GCC High and select complementary services to deliver the technologies required to comply with CMMC 2.0. Additionally, we align with the practices required in higher levels of maturity. Our approach is modular and allows clients to pick the services they need to complete their compliance journey.
||Federal, SLG, Native American Tribes, Contractors
||U.S. and International
||Continental U.S. – U.S. NAT support only
||FedRAMP Moderate ATO
||FedRAMP Moderate ATO,DOD SRG L2
||DISA FedRAMP + ATO, DOD SRG L43
|Other Relevant Controls
||SAS, ISO, HIPAA, and others
||CJIS, IRS 1075, NIST 800-53r4
||NIST 800-171, NIST 800-53r44
||Significant customer requirements2
||Express Route or Internet
||Express Route or Internet
||Express Route or Internet
GCC High for Small and Midsize Businesses
GCC High licenses were only available as part of an Enterprise Agreement when it was originally released. Meaning, your business needed to purchase 500 or more licenses – a significant investment. However, Microsoft has authorized C3 to provision GCC High for less than 500 licenses. As a result, we help bring a level of affordability to small and medium-sized businesses. C3 is a Microsoft Partner and we have extensive experience in implementing GCC High for our clients. Therefore, we are uniquely qualified to make your implementation smooth and to accelerate adoption of the GCC High features across your organization.
C3 is a Leader in Developing Services for GCC High
GCC High and Azure Government continues to evolve as more and more defense contractors move to this specialized version of the service. To answer the demand, we are developing complementary solutions for GCC High and bringing them to market.
C3 and AvePoint Enable GCC High Back-up
When it was announced that CMMC would require back-up all of data for Level 2 and higher compliance, C3 began working with industry-leader AvePoint Public Sector. Together, we launched GCC High Back-up, one of the first GCC High back-up solutions in the market. GCC High Back-up builds on AvePoint’s world-class back-up service offerings, and C3’s proven experience delivering the Microsoft 365 GCC High environment.
The service helps defense contractors meet best practices around data backup for GCC High and includes multiple options for storage and retention. Additionally, clients have access to rich, enterprise-grade features.
C3 and CallTower Enable Audio Conferencing and PSTN
The lack of voice services in GCC High, especially audio conferencing, has hampered adoption of the platform. To meet this need, C3 partnered with CallTower to bring audio conferencing and PSTN calling to GCC High.
The partnership is allowing organizations to host a third-party voice provider within GCC High which closes a known, long-term gap in GCC High features. The C3-CallTower team is actively implementing this new solution with C3 GCC High clients. Together, the team of experts from both C3 and CallTower have identified and overcome the many technical challenges of voice enabled GCC High. As a result, we are delivering voice and telephony solutions to clients which helps their businesses connect and collaborate more effectively.
Why C3 Integrated Solutions for GCC High?
C3 is dedicated to securing our nation’s military infrastructure by protecting the cyber resources of the Defense Industrial Base (DIB). As a leading provider of Microsoft GCC solutions, we specialize in helping clients achieve DFARS 252.204-7012, NIST 800-171, and CMMC compliance. Our approach provides personal service on your terms.