Discussion FISMA / FedRAMP

  • Friday, November 09, 2012 6:29 PM
     
     

    I am trying to get an answer on FISMA compliance. I know some other Microsoft cloud services (e.g. Office 365) have received a federal ATO but what about Azure? 

    I found a TechEd 2012 presentation given by David Aiken, Cloudy Weather: How Secure Is the Cloud? (http://northamerica.msteched.com/topic/details/2012/SIA204), which states that Azure "core services" comply with ISO/IEC 27001:2005, SSAE 16 (SOC 1 Type 2), EU-US Safe Harbour, EU Model Clauses and HIPAA BAA is being worked on and FISMA/FedRAMP is "for later". In the video he says "the other big one we are working on is FISMA...which will come a little bit later than that". The "that" being HIPAA BAA, which back in mid-June 2012 he said should be in place in a couple of months.

    So what's the deal with Azure and FISMA? The first FedRAMP provisional ATOs are supposed to be issued by the end of the year, presumably to some of the existing GSA IaaS BPAs. Is Microsoft working on a FedRAMP JAB-issued provisional ATO for Azure? What's the timetable? 

    • Changed Type Dino He (Moderator) Monday, November 26, 2012 5:41 AM Not an Azure question

All Replies

  • Monday, November 12, 2012 6:53 AM
    Moderator
     
     

    Hi,

    Windows Azure does not have FISMA. We are close to getting FISMA compliance. But there is no timetable that can be shared at this moment.

    Compliance-related issues can be found at the page below.

    http://www.windowsazure.com/en-us/support/trust-center/compliance/


    Allen Chen [MSFT]
    MSDN Community Support | Feedback to us

    • Marked As Answer by reddog7 Tuesday, November 13, 2012 2:35 PM
  • Tuesday, November 13, 2012 2:35 PM
     
     
    Thanks. So I guess for anyone in the market for an IaaS solution that meets federal requirements Microsoft isn't the place to go looking at the moment. I would suggest sharing a timetable as soon as possible, especially if some type of ATO is likely within the next 6 months. No timetable or information on where Microsoft is in the process suggests it is a ways off.
    • Marked As Answer by reddog7 Tuesday, November 13, 2012 2:35 PM
    • Unmarked As Answer by reddog7 Tuesday, November 13, 2012 2:35 PM
  • Tuesday, March 12, 2013 7:19 PM
     
     

    It is now March 12, 2013 and I still haven't seen any feedback regarding when Azure IaaS will have provisional FedRAMP ATO. CGI Federal has an IaaS offering that does have FedRAMP ATO. If we can't get a timetable on Azure then CGI Federal is our only solution for now.

    Can someone offer a timetable for Azure? Thanks


    Glenn Meyer

  • Wednesday, April 17, 2013 10:06 PM
     
     


    Also interested in timetable for Azure.

    Autonomic also has a FedRAMP provisional ATO--they were the first to get one. But other providers provide FISMA IaaS solutions through the earlier GSA BPA and have done for some time. You can get this on AWS now. Amazon has had it since 2011.

    http://www.gsa.gov/portal/content/112063