Microsoft 365 GCC High: Dedicated Services for the Defense Industrial Base and a Foundation for CMMC Compliance

Defense contractors that make up the Defense Industrial Base (DIB) have contractual requirements around DFARS 252.204-7012 that are built around NIST 800-171 and other controls. These additional controls, as well as those that require data sovereignty (i.e. ITAR, NOFORN) are met with a special version of Microsoft 365 known as Government Community Cloud (GCC) High. This is the only version of Microsoft 365 that meets these flow-down requirements.

Microsoft 365 GCC High for US defense contractors is a complete cloud productivity service that provides security, intelligence, and collaboration capabilities to help protect data, increase efficiencies and enhance communication. Microsoft’s GCC High offers the highest levels of accreditation and compliance with NIST 800-171, ITAR, and DFARS 252.204-7012 – allowing your business to earn and maintain valuable contracts with the DoD.

What is GCC High?

Microsoft 365 GCC High is the version of Microsoft 365 that is designed specifically for the DIB. It is built on a foundation of security, privacy, and compliance in the Azure Government Cloud.  With Microsoft 365 GCC High, contractors can meet the following requirements:

  • FedRAMP Moderate (FedRAMP High in process)
  • NIST 800-171
  • DFARS 252-204.7012 including clauses (c) through (g)
  • Complete data, applications, and hardware residency in the United States
  • Physical separation within the United States operated by personnel who are US citizens and passed a rigorous background check.
  • Attestation to ITAR requirements

More than Just Email

Microsoft GCC High provides the cornerstone of any strategy to secure you IT environment by enabling a compliant platform to support your core communications and collaboration services.  Resulting in a secure environment, GCC High will satisfy many of the controls within CMMC and become a critical tool in your overall compliance strategy.  With GCC High, you can:

  • Consolidate core communications, document management and collaboration into a single, compliant platform
  • Qualify access to the system with a robust set of conditional access requirements
  • Label data in order to control the flow of CUI/CDI
  • Ensure Windows 10 and mobile devices are compliant
  • Actively hunt threat and anticipate issues
  • Connect audit logs into Azure Sentinel for free

Meet CMMC With GCC High

Now, the Cybersecurity Maturity Model Certification (CMMC), which was announced on September 4, 2019 brings new urgency to adopting GCC High. CMMC builds upon DFARS and NIST frameworks by requiring every contractor to be audited and certified by a third-party auditor. The model prescribes five levels of cybersecurity maturity that measure cybersecurity controls and processes and ensure alignment with relevant policies. Most importantly, this certification will eventually determine whether you will be able to continue to work for the DoD.

C3 has developed a methodical approach to securing your environment and positioning for CMMC compliance.  Building upon GCC High as well as select complementary services, we deliver the technologies required to enable the processes within CMMC and align the practices required in higher levels of maturity. This approach is modular, allowing our clients to pick the services they need to complete their compliance journey.

Commercial CloudGCCGCC High
Customer EligibilityAny customerFederal, SLG, Native American Tribes, ContractorsFederal Contractors
Data ResidencyU.S. and InternationalContinental U.S.Continental U.S. – U.S. NAT support only
AccreditationFedRAMP Moderate ATOFedRAMP Moderate ATO,DOD SRG L2DISA FedRAMP + ATO, DOD SRG L43
Other Relevant ControlsSAS, ISO, HIPAA, and othersCJIS, IRS 1075, NIST 800-53r4NIST 800-171, NIST 800-53r44
ITAR SupportNoSignificant customer requirements2Yes
Network ConnectivityExpress Route or InternetExpress Route or InternetExpress Route or Internet
Azure DependencyAzure (Public)Azure (Public)Azure (Government)

GCC High for Small and Midsize Businesses

When it was originally released, GCC High licenses were only available as part of an Enterprise Agreement, which required your business to purchase 500 or more licenses – a significant investment. C3 is one of a handful of Microsoft’s partners authorized to provision GCC High for less than 500 licenses, bringing a level of affordability to small and medium-sized businesses. And, because C3 has been implementing GCC High for clients longer, we are uniquely qualified to make your implementation smooth, and to accelerate adoption of the GCC High features across your organization.

C3 is a Leader in Developing Services for GCC High

GCC High and Azure Government continues to evolve as more and more defense contractors move to this specialized version of the service.  C3 is a market leader in developing complementary solutions for GCC High and bringing them to market.

C3 and AvePoint Enable GCC High Back-up

When it was announced that CMMC would require back-up all of data for Level 2 and higher compliance, C3 worked with industry-leader AvePoint Public Sector to launch GCC High Back-up , one of the first GCC High back-up solutions in the market. GCC High Back-up builds on AvePoint’s world-class back-up service offerings, and C3’s proven experience delivering the Microsoft 365 GCC High environment.

The service is expected to meet the needs of CMMC practices around data backup for GCC High and includes multiple options for storage as well as retention as well as features our clients expect in an enterprise class solution.

C3 and CallTower Enable Audio Conferencing and PSTN

Voice services in GCC High, especially audio conferencing has been a gap that has hampered adopton of the platform.  To meet this need, C3 partnered with CallTower to bring audio conferencing and PSTN calling to GCC High.

The partnership is allowing organizations to enable a third-party hosted voice provider within GCC High, closing a known, long-term gap in GCC High features. The C3-CallTower team is actively implementing this new solution for voice with C3 GCC High clients. Together, the team of experts from both C3 and CallTower have identified and overcome the many technical challenges of voice enabled GCC High, and delivering voice and telephony solutions to clients, helping their businesses connect and collaborate more effectively.

Why C3 Integrated Solutions for GCC High?

C3 is dedicated to securing our nation’s military infrastructure by protecting the cyber resources of the Defense Industrial Base (DIB).  As a leading provider of Microsoft Government Cloud solutions including Office 365 GCC, GCC High and Azure Government, we specialize in helping clients achieve DFARS 252.204-7012 and NIST 800-171 compliance through a suite of solutions designed to meet these requirements. This positions our clients to be ready for the upcoming Cybersecurity Maturity Model Certification audits later this year.  Our approach provides personal service on your terms.

Call Us: (571) 384-7950