Eli Selig. Office 365 Government & CMMC 2.0 Guide

Eli Selig helps organizations navigate Microsoft Office 365 Government solutions, including GCC and GCC High. He works closely with clients to design secure, compliant environments and guides them through the CMMC 2.0 certification process with a clear, practical approach.

San Diego Computer Consulting® is an authorized GCC and GCC High reseller, specializing in building the right Microsoft government cloud solutions for each client. We provide seamless migrations from commercial Office 365 environments to GCC tenants, along with full implementation and ongoing support to ensure security, compliance, and long-term success.


What is the difference between Office 365 commercial and government?

Here is a simple breakdown of how Microsoft 365 US Government differs from the commercial and business offerings:

  • Data Segregation: MS365 Government data is kept separate from commercial data.
  • GCC Data Location: Stored in a separate enclave within the Azure Commercial cloud.
  • GCC High and DoD Data Location: Housed in the US Sovereign Cloud, with data centers located only in the US and supported by screened US persons.
  • Feature Availability: Most features are available to both commercial and government tenants, but some internet-based services might be limited. Future features may also roll out more slowly or be unavailable due to compliance issues.

What is the Difference Between GCC and GCC High?

The main difference between GCC and GCC High lies in their hosting environments and security measures:

  • GCC (Government Community Cloud): Data is stored in a separate enclave within the Azure Commercial cloud. This environment can be accessed by Microsoft’s worldwide personnel.
  • GCC High: Data is housed in the US Sovereign Cloud, which is located entirely within the United States. Access to this environment is restricted to Microsoft personnel who are U.S. citizens with specific clearances.

Both environments meet stringent compliance and security standards, but GCC High offers higher security levels, making it suitable for organizations handling more sensitive data.


Microsoft Office 365 GCC Specifics.

GCC provides a secure cloud environment for general government data management. It's compliant with DFARS 252.204-7012, DoD SRG Level 2, and FBI CJIS FedRAMP Moderate. GCC is also useful for DoD contractors who need to meet CMMC Level 2-3 compliance. However, GCC is not appropriate for organizations that use Microsoft 365 to handle and safeguard Controlled Unclassified Information (CUI).

GCC (Government Community Cloud): This environment is designed for general government data management and is compliant with several standards, including DFARS 252.204-7012, DoD SRG Level 2, and FBI CJIS FedRAMP Moderate. It’s particularly useful for DoD contractors needing to meet CMMC Level 2-3 compliance.

Data Location: GCC data is stored on Microsoft servers located exclusively in the United States.

Compliance: While GCC is secure and meets various compliance standards, it is not suitable for handling Controlled Unclassified Information (CUI).

What Differentiates Microsoft Office 365 GCC High?

GCC High: Microsoft GCC High and DoD feature the most stringent background checks for employees working in their data centers. GCC High was designed for Defense Industrial Base (DIB) needs. It uses dedicated data centers in the continental US and is supported solely by cleared US persons. Unlike GCC, GCC High includes a contractual guarantee that no data will leave the United States and that only US persons will ever have access to GCC High data.

GCC High is hosted in Microsoft’s US Sovereign Cloud, which is located within the United States and is only accessible to Microsoft personnel with U.S. citizenship and specific clearances. GCC High also runs on dedicated U.S. infrastructure and is supported by U.S. personnel, which makes it more expensive than GCC.

Key Differences:

  • GCC High: Designed for the Defense Industrial Base (DIB) and other organizations handling sensitive data.
  • Data Centers: Located in the continental US, supported solely by cleared US persons.
  • Security: Includes stringent background checks (DoD IT-2 adjudication) and guarantees that data will not leave the US.
  • Compliance: Meets CMMC, NIST 800-171, ITAR, and DoD CC SRG Level IL4 standards, making it suitable for handling Controlled Unclassified Information (CUI) and Covered Defense Information (CDI).
  • Hosting: Hosted in the US Sovereign Cloud, accessible only to US citizens with specific clearances.
  • Cost: More expensive than GCC due to higher security and dedicated infrastructure.