The GCC Preparation Guide

Between constant national-security compliance updates, the increase in cybersecurity incidents, and the need for cleared personnel to remotely access network resources such as applications or sensitive data, there had to be a solution available that balances user accessibility with security and compliance.

This prompted the creation of Microsoft 365 Government Community Cloud (GCC) just a few years back: a Platform as a Service (PaaS) that securely runs Microsoft Office applications in the cloud and meets the rigid compliance and security requirements set for government agencies and their contractors. The compliance frameworks GCC addresses include Defense Federal Acquisition Regulation Supplement (DFARS) 7012, Federal Risk and Authorization Management Program (FedRAMP) High, the Department of Defense (DoD) Controlled Unclassified Information (CUI) requirements, and the Cybersecurity Maturity Model Certification (CMMC) 2.0.

A short time later, however, to provide expanded compliance capabilities in more stringent areas such as International Traffic in Arms Regulation (ITAR) and Export Administration Regulation (EAR) data, Microsoft released a more robust solution — Microsoft 365 Government Community Cloud High (GCC environment). 

This in-depth guide covers the GCC environment, how the system operates, the benefits of investing in it, and the types of Microsoft applications you can run in its cloud. We also dive into a major product update, in which our MathCraft Security software applications will soon be running in GCC environments for defense contractors to adopt while maintaining federal compliance.

What is the GCC Environment Platform?

Built on the Microsoft Azure Government cloud, the GCC environment hosts productivity applications and web services for users to access. It specifically enables secure access for cleared personnel and contractors within the DoD by meeting the compliance requirements of the original GCC Platform.

These include the Defense Federal Acquisition Regulation Supplement (DFARS), Federal Risk and Authorization Management Program (FedRAMP) High, Controlled Unclassified Information (CUI) requirements, and the Cybersecurity Maturity Model Certification (CMMC) 2.0 — while extending them to International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR).

How Does the GCC Environment Work?

The GCC environment satisfies many compliance frameworks and requirements because of its elaborate security system for storing and processing data. Built on the Azure Government environment, the platform is entirely managed by cleared United States citizens who’ve undergone comprehensive background checks. It’s also hosted exclusively in eight dedicated data centers in the continental United States, allowing it to handle ITAR and EAR information while ensuring only vetted U.S. citizens can access the data.

The design of the GCC environment is essentially a copy of the Microsoft 365 DoD in terms of functional capabilities. However, rather than only being accessible by DoD and agencies within it, the GCC environment is available to private organizations that would contract with the DoD. 

These are stark contrasts to the original GCC platform, which replicates Microsoft 365 Commercial environments but is stored in a separate government-specific cloud within the same data center. As a result, certain GCC services are run and supported by global Microsoft personnel, who may not be U.S. citizens or have the clearance to view highly sensitive national security data.

GCC Environment Platform Licensing Requirements

For GCC environment license eligibility from Microsoft, the entity must complete a validation application confirming they are either a United States federal agency, state agency or department, local government entity, or tribal entity recognized by the federal government. Additionally, private commercial businesses that work with DoD and are subject to regulation due to their work also meet eligibility and can apply.  

Benefits of Moving to the GCC Environment Platform

Aside from the value of cost-scalability from investing in any cloud platform, the GCC environment provides organizations with numerous benefits from an operational and risk management point of view. Whether you’re upgrading from the original GCC product or transitioning directly into GCC environment, here are some benefits you can enjoy:   

Compliance Ready

The GCC environment was designed to be a powerful productivity system that meets numerous federal and information-security compliance demands. In addition to the primary regulatory frameworks fulfilled by Microsoft 365 GCC, such as DFARS, FedRAMP, CUI, and CMMC, it can meet extended ITAR and EAR data requirements. The GCC environment also has a Defense Information Systems Agency (DISA) Impact Level (IL) 5 rating.

Highly Secure

The security mechanisms of the GCC environment include hosting its cloud data only in eight specific United States data centers while receiving IT and product support entirely from cleared U.S. citizens. The platform also deploys many cloud computing security measures that earn it a FedRAMP High certification, such as a system for user access control, awareness training for developers and maintenance teams, and platform incident response procedures, to name just a few.

Simple Cross Collaboration 

One thing that keeps the GCC environment Platform compliant is that it removes built-in features, integrations, and data access that are ordinarily available to enterprise or regular GCC users. The positive result of these detailed configurations is that users don’t need to take any additional steps to collaborate within a team or across an organization. In other words, GCC environment users can easily share data files and communicate with other GCC Platform or Microsoft DoD users without any restrictions.

Constant Domestic Support and Accountability

Purchasing licenses and administering the GCC environment requires contractors to go directly through Microsoft or a limited number of approved outside vendors — all of which provide professional and domestic product support. With that also comes a contractual guarantee from Microsoft that the platform’s infrastructure meets current DoD demands, plus new compliance requirements as they evolve.

Available GCC Environment Applications for DoD Contractors

The GCC applications for DoD contractors run on Microsoft’s Government cloud. While these tools and systems were already available to original Microsoft 365 GCC users, some have modular restrictions or feature limitations to maintain data security compliance. A common one, for instance, is not being able to share a file with anyone outside a GCC Platform or DoD environment. The leading cloud-based Microsoft apps available for the GCC environment include:   

  • Azure Active Directory: Used to manage user access to resources and objects within a network, such as apps, online services, devices, and databases.  
  • Defender for U.S. Government: Anti-virus software and email filtering system used to protect organizational endpoints from malware and other threats. 
  • Forms for U.S. Government: Online survey tool used to obtain secure and fast responses, feedback, or information. 
  • Intune: Device and application management system specifically designed for mobile objects such as phones, tablets, and laptops, as well as mobile applications.  
  • OneDrive for U.S. Government: Online storage system used to secure, access, and share work files, plus collaborate on documents, slide decks, or spreadsheets.  
  • Planner for U.S. Government: Task and project management tool to plan, coordinate, and monitor work-related activities. 
  • Power Apps: Service used to build custom applications connectable to other apps and data within an organization. 
  • Purview Information Protection: Document management system governing sensitive and classified information and documents across an organization.  
  • SharePoint for U.S. Government: System used to manage, design, share, and collaborate on websites, web pages, knowledge resources, applications, and content.
  • Teams for U.S. Government: Conferencing tool for messaging and conducting collaborative meetings through video or audio calls.

MathCraft Now Offers GCC Platform

MathCraft Security Technologies is proud to announce that it now offers its security software products in the GCC environment for its customers to take advantage of. After the products are migrated to the dedicated GCC data centers throughout the continental United States, our customers will be able to maintain compliance and security while receiving support from approved U.S. personnel.

Once finalized, defense contractors can reap the benefits of using tools that securely manage and process their cloud data while streamlining facility security operations and auditing procedures. The MathCraft applications that will be moved to the GCC environments include Access Commander for industrial security management, Portal Commander for cleared employee self-service and Facility Security Officer (FSO) oversight, and ViSi Commander for visitor management at cleared facilities.

GCC Platform: Frequently Asked Questions (FAQs)

What are GCC Environments?

Microsoft 365 Government Community Cloud (GCC environment) is the platform created for DoD contractors and cleared personnel to securely run applications and host data. It runs on Azure Government’s cloud, replicates the Microsoft 365 DoD environment, and is operated entirely in data centers within the United States, exclusively by cleared U.S. personnel. These factors make GCC environment the industry-standard solution for compliance regulations like DFARS 7012, FedRAMP High, CMMC 2.0, ITAR, EAR, and CUI.

Is GCC Platform ITAR compliant?

Yes. The GCC environment’s stringent and centralized data management makes it so that only United States citizens who’ve passed a thorough background check can support the users, maintain the servers, and operate data centers. Additionally, all GCC environment data is hosted at one of eight data centers located in the United States. These are specific requirements set forth by ITAR — making GCC Platform ITAR compliant.    

What is Available in the GCC Environment Platform?

Many user-favorite platforms, tools, and applications from Microsoft 365 are available in the GCC environment. Some are limited in capabilities as they are built specifically for the U.S. Government customers and contractors managing sensitive information. These include Azure Active Directory, Microsoft Defender, Forms, Intune, OneDrive, Planner, Power Apps, Purview Information Protection, SharePoint, and Teams.   

Is the GCC Environment IL5?

Yes. GCC environment has the cloud security measures required to meet the Defense Information Systems Agency (DISA) Impact Level (IL) 5 rating. These controls and security mechanisms make it an allowable cloud platform to manage DoD CUI and national security systems (NSS) below “Top Secret” status. 

What is the Difference Between GCC and GCC Environment?

When looking at Microsoft 365 GCC vs. GCC environment, while they each offer a cloud-hosting solution to federal government contractors, their compliance capabilities and data-security mechanisms create some distinct contrasts:

  • GCC replicates the Microsoft Commercial environments, while the GCC environment Platform replicates Microsoft DoD’s environment.
  • Though segmented from commercial servers, GCC is hosted in the Azure Commercial data centers, while the GCC environment Platform has dedicated Azure Government data centers. 
  • While both are hosted in the United States, GCC may use global customer support for specific apps and services. In contrast, support for the GCC environment Platform is restricted exclusively to U.S. citizens subject to robust background checks.
  • Because of the domestic security systems in place, the GCC environment Platform complies with the same frameworks as GCC while adding ITAR and EAR.  

Are there any GCC Environment Platform Limitations?

Yes, upgrading to a GCC environment has a few challenges and drawbacks. For instance, the advanced security and compliance-management controls prevent users from sharing data with anyone not using the Microsoft 365 DoD or 365 GCC platforms. These same mechanisms also limit the number of third-party integrations available and restrict specific Microsoft productivity tools from working at full capacity.

Upgrade Your Environment with MathCraft

Today’s cyber threat landscape and new compliance updates on national security require sophisticated cloud solutions for accessing, transmitting, and sharing sensitive data. Microsoft’s GCC environment provides a compliance-ready platform to private defense contractors and cleared personnel with the security and data management benefits of Azure Government environments and Microsoft 365 DoD.

Contact us today to learn how our access, visitor, and portal management software suite, now managed in GCC environments, helps FSOs automate and organize their industrial-security compliance needs to support personnel vetting and other NISPOM and DoD requirements.