San Diego Computer Consulting is well-equipped to assist your company with FedRAMP and GCC requirements.   Office 365 is approved for FedRAMP requirements, ensuring compliance and security for government agencies and contractors. To onboard the GCC Office 365 solutions, you’ll need approval. San Diego Computer Consulting can guide you through this process, ensuring that your organization meets the necessary criteria.  Once approved, they’ll help you implement the FedRAMP GCC Office 365 cloud solutions, tailored to your specific needs.

FedRAMP Office 365 Solutions

Microsoft Office 365-GCC USA ONLY Tenant

  1. Office 365 Plans:
    • Both business and government Office 365 plans share many features.
    • They offer productivity tools like Word, Excel, PowerPoint, and Teams.
    • However, the GCC (Government Community Cloud) plans have specific requirements and features tailored for government agencies and contractors.
  2. GCC Cloud Solutions:
    • The GCC Cloud solutions are hosted within Microsoft’s US-based data centers.
    • These solutions ensure data redundancy and protection through clustered data centers spread across different regions.
    • The GCC section of Office 365 requires a separate approval process.
    • Once approved, your Office 365 data must be migrated to the new GCC platform.
  3. Migration Assistance:
    • San Diego Computer Consulting specializes in IT solutions and can assist you with this migration.
    • They’ll help move your email, SharePoint, and other solutions to the new GCC platform.
WhatisGCC
fedramp

FedRAMP Security for Cloud Solutions

FedRAMP (Federal Risk and Authorization Management Program) plays a crucial role in ensuring the security and compliance of cloud services used by government agencies and contractors. Here are the key points:

  1. FedRAMP Approval:
    • Companies approved by the government can provide cloud services that meet FedRAMP requirements.
    • Microsoft is one such approved provider, offering cloud solutions tailored to the Federal Government’s security needs.
  2. Microsoft’s FedRAMP Solutions:
    • Microsoft’s cloud solutions are specifically designed for FedRAMP compliance.
    • These solutions are well-defined and meet the stringent security standards required for DOD contractors and other civilian contractors working with federal entities.
  3. Office 365 and FedRAMP:
    • Office 365 already has dedicated sections that align with FedRAMP requirements.
    • This ensures that Office 365 services are secure and suitable for government use.

FedRAMP US DATA CENTERS ONLY

FedRAMP required that Office 365 solutions are provided at US only data center locations. US only data centers approved for Office 365 cloud solutions are part of the FedRAMP requirements. By controlling the data in the US, the likelihood of tampering is deemed significantly less. Microsoft also has specific security requirements on the servers that host their cloud solutions including the full encryption of all servers that host client data.

We at San Diego Computer Consulting have a large checklist that we review with each of our customers to make sure that no stone goes unturned. Email is so critical today; any type of loss can be detrimental to an organization. We do our very best to make sure mistakes are not made. By being onsite and planning in person we can talk through the migration to make sure the details are not missed.

microsoft-365-cloud-integration

Microsoft GCC Environment Compliance

The Microsoft 365 Government – GCC environment is specifically designed to meet the stringent requirements of US government agencies. Here are the key features that set it apart:

  1. Logical Segregation:
    • Your organization’s customer content is kept separate from commercial Office 365 services.
    • This ensures data privacy and security.
  2. US-Based Storage:
    • Customer content is stored within the United States.
    • This localization provides additional control and compliance.
  3. Restricted Access:
    • Only screened Microsoft personnel have access to your organization’s customer content.
    • This enhances security and confidentiality.
  4. Certifications and Accreditation:
    • Microsoft 365 Government – GCC complies with certifications required for US Public Sector customers.
    • It meets FedRAMP Moderate standards and addresses criminal justice and federal tax information system requirements.

Microsoft GCC Data Center-Office 365 Solutions

The Microsoft 365 Government GCC environment provides compliance with US governments for cloud services including FedRAMP moderate and requirements for criminal justice system and federal tax information systems.

To receive a GCC certificate (certificate of conformity,) an application must be filled out and approved by the US government.

The GCC certificate is a typically required for manufacturers and importers of certain ‘General Use’ products. This certifies their product has been tested and complies with all applicable consumer safety rules, standards and regulations.

The GCC must be issued by the manufacturer if the product is manufactured in the U.S. or the importer if the product is manufactured overseas. Certification is based on results of product testing.

office 365 GCC

GCC High Solutions

FedRAMP GCC HIGH is a standard of how data and email are to be secured and stored.   Microsoft GCC is an Office 365 platform that is based on USA Data Center servers.   Moving to GCC Fedramp is a migration process that moves you from the worldwide Microsoft Office 365 servers to the Microsoft GCC FedRAMP approved USA Servers.   This migration is done through Bit Titan from one Microsoft Tenant to the GCC Tenant.

FEDRAMP GCC HIGH can use another more strict use for Microsoft Office 365.   Those that use the GCC High still have to use 3 party solutions to make the GCC High fully compliant.   We at San Diego Computer Consulting partner with Preveil solutions to provide full GCC High approved solutions that overlay the Microsoft Office 365 cloud solution.   Preveil solutions is the best choice for us because it provides a distinctive layer for Secure Email and Secured files.   This are very separate and easily identifiable in Outlook and File shares.  Preveil uses an encrypted key on each device for its proven security that is 100% compliant

GCC High Solutions by Preveil

San Diego Computer Consulting chooses to use PreVeil for it GCC High solutions.   PreVeil offers the most easy and quick implementation for Office 365 & Gmail.   We can implement the Preveil solution to integrate with your current Email solution to provide a full secure GCC/ NIST SP 800-171 Compliant solution.   The PreVeil suite offers both Secure & Encrypted Email and file solutions.   Their services insure that all devices are secure with the install of a high level encryption key that must be installed on each device using the PreVeil system.   It is this secure, encrypted key that ensures the compliance for GCC High.

Total Compliance

Microsoft Office 365 Commercial Email and One Drive, as well as most Google workspace & Exchange environments do not meet all the necessary DoD requirements for handling CUI.   PreVeil’s encrypted file and email platform is designed to comply with CFARS, NIST, CMMC & ITAR requirements.

Preveil

There are 11 required elements in a GCC which are:

1. Identification of the product
2. A detailed description of the product
3. Citation to each of the consumer product safety regulations the product is certified
4. Separately identify each consumer product safety rule applicable to the product
5. Identify the importer or manufacturer certifying compliance
6. Include name, address, and phone number of importer or manufacturer
7. Contact information for the person maintaining the test results
8. Name(s), address, e-mail, phone number of the person maintaining test records in support of certification
9. Date (at least month and year) and location of where the product was manufactured
10. Date and location when the product was tested for compliance
Location of testing and dates of tests that certification is based on