Microsoft’s Cloud Infrastructure Receives FISMA Approval

Microsoft’s Cloud Infrastructure Receives FISMA Approval

  • Comments 11
  • Likes

By Mark Estberg, Senior Director of Risk and Compliance,
Global Foundation Services 

Although cloud computing has emerged as a hot topic only in the past few years, Microsoft has been running some of the largest and most reliable online services in the world for over 16 years. Our cloud infrastructure supports more than 200 cloud services, 1 billion customers, and 20 million businesses in over 76 markets worldwide.

 

Today, I am pleased to announce that Microsoft’s cloud infrastructure has achieved another milestone in receiving its Federal Information Security Management Act of 2002 (FISMA) Authorization to Operate (ATO).  Meeting the requirements of FISMA is an important security requirement for US Federal agencies. The ATO was issued to Microsoft’s Global Foundation Services organization. It covers Microsoft’s cloud infrastructure that provides a trustworthy foundation for the company’s cloud services, including Exchange Online and SharePoint Online, which are currently in the FISMA certification and accreditation process. 

 

This ATO represents the government’s reliance on our security processes and covers Microsoft’s General Support System and follows NIST Special Publication 800-53 Revision 3 “Recommended Security Controls for Federal Information Systems and Organizations.”

 

Government organizations require specialized compliance and regulatory processes. Operating under FISMA requires transparency and frequent security reporting to our US Federal customers. And we are applying these specialized processes across our infrastructure to even further enhance our Online Services Security & Compliance program. The company has been designing and testing our cloud applications and infrastructure for over a decade to continually address emerging, internationally-recognized standards. We are focused on excelling in demonstrating our capabilities and compliance with these laws and with our stringent internal security and privacy policies.  As a result, all our customers can benefit from highly-focused testing and monitoring, automated patch delivery, cost-saving economies of scale, and ongoing security improvements.

 

   

 Microsoft’s Chicago datacenter (a FISMA-approved facility), provides over 17 football fields worth of cloud computing capacity.

 

The company opened its first datacenter in September 1989 and today its globally-distributed, high-availability datacenters are managed by our Global Foundation Services (GFS) group. GFS’s Online Services Security & Compliance team has built upon the company’s existing capabilities, including being one of the first major online service providers to achieve our ISO/IEC 27001:2005 certification and SAS 70 Type II attestation, which also met the FISMA requirements.  We have also gone beyond the ISO standard, which includes some 150 security controls and developed over 300 security controls to account for the unique challenges of the cloud infrastructure and what it takes to mitigate some of the risks involved. The additional rigorous testing and continuous monitoring required by FISMA have already been incorporated into our overall information security program, which is described in several white papers located our Global Foundation Services web site.  

 

More information about FISMA is available at the National Institute of Standards and Technology web site.

 

Comments
  • Is FISMA compliance also valid for Azure Datacenters?

    Tnks

  • Was this at the low or moderate level?

  • Can this be leveraged through FedRAMP?

  • Other press releases indicate that although the data center is approved to operate, the actual application services (i.e. Exchange Online and SharePoint) have not been certified.  What is the status of service certification?

  • Who builds a major data center adjacent to a busy interstate highway?

  • does this mean that a SharePoint Online Dedicated Service offering would be automatically FISMA Compliant?

  • As an Office 365 Enterprise level customer, how can we obtain a copy of the FISMA ATO Letter to satsify our Federal governmnet clients inquiries?

  • PurpleDemon9

  • DIAMOND

  • How do I get copy of FISMA or SOC report for documentation audit purpose?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment