![]() ![]() Office 365 DoD (DoD): the Office 365 DoD cloud service is designed according to DoD Security Requirements Guidelines Level 5 controls and supports strict federal and defense regulations.This environment is used by federal agencies, the Defense Industrial Base (DIBs), and government contractors. Office 365 Government Community Cloud - High (GCC High): the Office 365 GCC High cloud service is designed according to Department of Defense (DoD) Security Requirements Guidelines Level 4 controls and supports strictly regulated federal and defense information.Office 365 Government Community Cloud (GCC): the Office 365 GCC cloud service is available for United States Federal, State, Local, and Tribal governments, and contractors holding or processing data on behalf of the US Government.Office 365 (Commercial): the commercial public Office 365 cloud service available globally.Client software (Client): commercial client software running on customer devices.This section covers the following Office 365 environments: Microsoft may replicate customer data to other regions within the same geographic area (for example, the United States) for data resiliency, but Microsoft will not replicate customer data outside the chosen geographic area. Most Office 365 services enable customers to specify the region where their customer data is located. Microsoft Office 365 is a multi-tenant hyperscale cloud platform and an integrated experience of apps and services available to customers in several regions worldwide. Office 365 and FIPS 140-2 Office 365 environments Government Defenseįor more information about Azure, Dynamics 365, and other online services compliance, see the Azure FIPS 140-2 offering. Dynamics 365 and Dynamics 365 Government.Microsoft online services that include components, which have been FIPS 140-2 validated include, among others: While the current CMVP FIPS 140-2 implementation guidance precludes a FIPS 140-2 validation for a cloud service itself cloud service providers can choose to obtain and operate FIPS 140 validated cryptographic modules for the computing elements that comprise their cloud service. Microsoft in-scope cloud platforms & services Multiple Microsoft products, including many cloud services, use these cryptographic modules.įor technical information on Microsoft Windows cryptographic modules, the security policy for each module, and the catalog of CMVP certificate details, see the Windows and Windows Server FIPS 140-2 content. Microsoft validates its cryptographic modules under the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP). Microsoft maintains an active commitment to meeting the 140-2 requirements, having validated cryptographic modules since the standard's inception in 2001. Microsoft's approach to FIPS 140-2 validation The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), validates cryptographic modules to the Security Requirements for Cryptographic Modules standard (i.e., FIPS 140-2) and related FIPS cryptography standards. The Cryptographic Module Validation Program (CMVP), a joint effort of the U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996. The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. ![]() In this article FIPS 140-2 standard overview ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |