Defense contractors that make up the Defense Industrial Base (DIB) have contractual requirements around DFARS 252.204-7012. These requirements are built around NIST 800-171 and other controls. Microsoft 365 Government Community Cloud (GCC) High supports these additional controls, as well as those that require data sovereignty (i.e. ITAR, NOFORN). This is the only version of Microsoft 365 that meets these flow-down requirements.
Microsoft 365 GCC High for US defense contractors is a complete cloud productivity service that provides security, intelligence, and collaboration capabilities. As a result, defense contractors can leverage GCC High to help protect data, increase efficiencies, and enhance communication. Microsoft’s GCC High offers the highest levels of accreditation and compliance with NIST 800-171, ITAR, and DFARS 252.204-7012 for example. Therefore, your business is able to earn and maintain valuable contracts with the DoD.
Microsoft 365 GCC High is a version of Microsoft 365 designed specifically for the DIB. It is built on a foundation of security, privacy, and compliance in the Azure Government Cloud. Therefore, with Microsoft 365 GCC High, contractors can meet the following requirements:
Microsoft GCC High enables a compliant platform to support your IT environment, core communications, and collaboration services. Resulting in a secure environment, GCC High will satisfy many of the controls within CMMC 2.0 and become a critical tool in your overall compliance strategy. With GCC High, you can:
Now, the Cybersecurity Maturity Model Certification (CMMC) framework, which builds upon the existing DFARS and NIST frameworks, brings new urgency to adopting GCC High. CMMC 2.0 prescribes three levels of cybersecurity maturity that measure cybersecurity controls and processes to ensure alignment with relevant policies. Most importantly, this certification will eventually determine whether you will be able to continue to work for the DoD.
C3 secures your environment and positions it for CMMC 2.0 with a methodical approach to compliance. To do so, we build upon GCC High and select complementary services to deliver the technologies required to comply with CMMC 2.0. Additionally, we align with the practices required in higher levels of maturity. Our approach is modular and allows clients to pick the services they need to complete their compliance journey.
| Commercial Cloud | GCC | GCC High | |
|---|---|---|---|
| Customer Eligibility | Any customer | Federal, SLG, Native American Tribes, Contractors | Federal Contractors |
| Data Residency | U.S. and International | Continental U.S. | Continental U.S. – U.S. NAT support only |
| Accreditation | FedRAMP Moderate ATO | FedRAMP Moderate ATO,DOD SRG L2 | DISA FedRAMP + ATO, DOD SRG L43 |
| Other Relevant Controls | SAS, ISO, HIPAA, and others | CJIS, IRS 1075, NIST 800-53r4 | NIST 800-171, NIST 800-53r44 |
| ITAR Support | No | Significant customer requirements2 | Yes |
| Network Connectivity | Express Route or Internet | Express Route or Internet | Express Route or Internet |
| Azure Dependency | Azure (Public) | Azure (Public) | Azure (Government) |
GCC High licenses were only available as part of an Enterprise Agreement when it was originally released. Meaning, your business needed to purchase 500 or more licenses – a significant investment. However, Microsoft has authorized C3 to provision GCC High for less than 500 licenses. As a result, we help bring a level of affordability to small and medium-sized businesses. C3 is a Microsoft Partner and we have extensive experience in implementing GCC High for our clients. Therefore, we are uniquely qualified to make your implementation smooth and to accelerate adoption of the GCC High features across your organization.
GCC High and Azure Government continues to evolve as more and more defense contractors move to this specialized version of the service. To answer the demand, we are developing complementary solutions for GCC High and bringing them to market.
When it was announced that CMMC would require back-up all of data for Level 2 and higher compliance, C3 began working with industry-leader AvePoint Public Sector. Together, we launched GCC High Back-up, one of the first GCC High back-up solutions in the market. GCC High Back-up builds on AvePoint’s world-class back-up service offerings, and C3’s proven experience delivering the Microsoft 365 GCC High environment.
The service helps defense contractors meet best practices around data backup for GCC High and includes multiple options for storage and retention. Additionally, clients have access to rich, enterprise-grade features.
The lack of voice services in GCC High, especially audio conferencing, has hampered adoption of the platform. To meet this need, C3 partnered with CallTower to bring audio conferencing and PSTN calling to GCC High.
The partnership is allowing organizations to host a third-party voice provider within GCC High which closes a known, long-term gap in GCC High features. The C3-CallTower team is actively implementing this new solution with C3 GCC High clients. Together, the team of experts from both C3 and CallTower have identified and overcome the many technical challenges of voice enabled GCC High. As a result, we are delivering voice and telephony solutions to clients which helps their businesses connect and collaborate more effectively.
C3 is dedicated to securing our nation’s military infrastructure by protecting the cyber resources of the Defense Industrial Base (DIB). As a leading provider of Microsoft GCC solutions, we specialize in helping clients achieve DFARS 252.204-7012, NIST 800-171, and CMMC compliance. Our approach provides personal service on your terms.
Your Information Is Safe With Us. C3 Integrated Solutions will never sell, rent, share or distribute your personal details with anyone. In addition, we will never spam you.
