Microsoft 365 GCC High: Dedicated Services for the Defense Industrial Base and a Foundation for CMMC 2.0 Compliance

Defense contractors that make up the Defense Industrial Base (DIB) have contractual requirements around DFARS 252.204-7012. These requirements are built around NIST 800-171 and other controls. Microsoft 365 Government Community Cloud (GCC) High supports these additional controls, as well as those that require data sovereignty (i.e. ITAR, NOFORN). This is the only version of Microsoft 365 that meets these flow-down requirements.

Microsoft 365 GCC High for US defense contractors is a complete cloud productivity service that provides security, intelligence, and collaboration capabilities. As a result, defense contractors can leverage GCC High to help protect data, increase efficiencies, and enhance communication. Microsoft’s GCC High offers the highest levels of accreditation and compliance with NIST 800-171, ITAR, and DFARS 252.204-7012 for example. Therefore, your business is able to earn and maintain valuable contracts with the DoD.

What is GCC High?

Microsoft 365 GCC High is a version of Microsoft 365 designed specifically for the DIB. It is built on a foundation of security, privacy, and compliance in the Azure Government Cloud. Therefore, with Microsoft 365 GCC High, contractors can meet the following requirements:

  • FedRAMP Moderate (FedRAMP High in process)
  • NIST 800-171
  • DFARS 252-204.7012 including clauses (c) through (g)
  • Complete data, applications, and hardware residency in the United States
  • Physical separation within the United States operated by personnel who are US citizens and passed a rigorous background check.
  • Attestation to ITAR requirements

More than Just E-mail

Microsoft GCC High enables a compliant platform to support your IT environment, core communications, and collaboration services. Resulting in a secure environment, GCC High will satisfy many of the controls within CMMC 2.0 and become a critical tool in your overall compliance strategy. With GCC High, you can:

  • Consolidate core communications, document management and collaboration into a single, compliant platform
  • Qualify access to the system with a robust set of conditional access requirements
  • Label data in order to control the flow of CUI/CDI
  • Ensure Windows 10 and mobile devices are compliant
  • Actively hunt threat and anticipate issues
  • Connect audit logs into Azure Sentinel for free

Meet CMMC 2.0 With GCC High

Now, the Cybersecurity Maturity Model Certification (CMMC) framework, which builds upon the existing DFARS and NIST frameworks, brings new urgency to adopting GCC High. CMMC 2.0 prescribes three levels of cybersecurity maturity that measure cybersecurity controls and processes to ensure alignment with relevant policies. Most importantly, this certification will eventually determine whether you will be able to continue to work for the DoD.

C3 secures your environment and positions it for CMMC 2.0 with a methodical approach to compliance. To do so, we build upon GCC High and select complementary services to deliver the technologies required to comply with CMMC 2.0. Additionally, we align with the practices required in higher levels of maturity. Our approach is modular and allows clients to pick the services they need to complete their compliance journey.

Commercial Cloud GCC GCC High
Customer Eligibility Any customer Federal, SLG, Native American Tribes, Contractors Federal Contractors
Data Residency U.S. and International Continental U.S. Continental U.S. – U.S. NAT support only
Accreditation FedRAMP Moderate ATO FedRAMP Moderate ATO,DOD SRG L2 DISA FedRAMP + ATO, DOD SRG L43
Other Relevant Controls SAS, ISO, HIPAA, and others CJIS, IRS 1075, NIST 800-53r4 NIST 800-171, NIST 800-53r44
ITAR Support No Significant customer requirements2 Yes
Network Connectivity Express Route or Internet Express Route or Internet Express Route or Internet
Azure Dependency Azure (Public) Azure (Public) Azure (Government)

GCC High for Small and Midsize Businesses

GCC High licenses were only available as part of an Enterprise Agreement when it was originally released. Meaning, your business needed to purchase 500 or more licenses – a significant investment. However, Microsoft has authorized C3 to provision GCC High for less than 500 licenses. As a result, we help bring a level of affordability to small and medium-sized businesses. C3 is a Microsoft Partner and we have extensive experience in implementing GCC High for our clients. Therefore, we are uniquely qualified to make your implementation smooth and to accelerate adoption of the GCC High features across your organization.

C3 is a Leader in Developing Services for GCC High

GCC High and Azure Government continues to evolve as more and more defense contractors move to this specialized version of the service. To answer the demand, we are developing complementary solutions for GCC High and bringing them to market.

C3 and AvePoint Enable GCC High Back-up

When it was announced that CMMC would require back-up all of data for Level 2 and higher compliance, C3 began working with industry-leader AvePoint Public Sector. Together, we launched GCC High Back-up, one of the first GCC High back-up solutions in the market. GCC High Back-up builds on AvePoint’s world-class back-up service offerings, and C3’s proven experience delivering the Microsoft 365 GCC High environment.

The service helps defense contractors meet best practices around data backup for GCC High and includes multiple options for storage and retention. Additionally, clients have access to rich, enterprise-grade features.

C3 and CallTower Enable Audio Conferencing and PSTN

The lack of voice services in GCC High, especially audio conferencing, has hampered adoption of the platform. To meet this need, C3 partnered with CallTower to bring audio conferencing and PSTN calling to GCC High.

The partnership is allowing organizations to host a third-party voice provider within GCC High which closes a known, long-term gap in GCC High features. The C3-CallTower team is actively implementing this new solution with C3 GCC High clients. Together, the team of experts from both C3 and CallTower have identified and overcome the many technical challenges of voice enabled GCC High. As a result, we are delivering voice and telephony solutions to clients which helps their businesses connect and collaborate more effectively.

Why C3 Integrated Solutions for GCC High?

C3 is dedicated to securing our nation’s military infrastructure by protecting the cyber resources of the Defense Industrial Base (DIB). As a leading provider of Microsoft GCC solutions, we specialize in helping clients achieve DFARS 252.204-7012, NIST 800-171, and CMMC compliance. Our approach provides personal service on your terms.

Call Us: (571) 384-7950