Microsoft recently announced FedRAMP High and Department of Defense (DoD) Impact Level 4 accreditation. This has raised the security and compliance bar across the Azure Government environment. As part of our commitment to addressing the US government’s cloud needs we strive to provide every customer with an experience that meets the highest bar across all of our compliance achievements.
In screening, we are now screening all our operators at National Agency Check with Law and Credit (NACLC) as defined in section 184.108.40.206 of the DoD Cloud Computing Security Requirements Guide (SRG):
The minimum background investigation required for CSP personnel having access to Level 4 and 5 information based on a “noncritical-sensitive” (e.g., DoD’s ADP-2) is a National Agency Check with Law and Credit (NACLC) (for “noncritical-sensitive” contractors), or a Moderate Risk Background Investigation (MBI) for a “moderate risk” position designation.
The following table summarizes our current screening for Azure Government operators:
|Microsoft personnel screening||Description|
|US citizenship||Verification of US citizenship.|
|Microsoft cloud background check (every two years)||Social Security number search, criminal history check, Office of Foreign Assets Control list (OFAC), Bureau of Industry and Security list (BIS), Office of Defense Trade Controls Debarred Persons list.|
|National Agency Check with Law and Credit (every five years)||Adds fingerprint background check against FBI databases. For additional information go here.|
|Criminal Justice Information Services (CJIS)||CJIS is a state, local and FBI government screening which processes fingerprint records and validates criminal histories on operational staff who could be provided access to critical criminal justice information (CJI) data. Each state does their own background check and subsequent approval of all employees with potential access to CJI.|