banner-why-daymark.jpg

Information Technology Navigator

Tips, Advice & Insights from Technology Pros

What Level of GCC is Right for You?

Posted by Ken Bergeron

Tue, Feb 01, 2022

what-level-of-cmmc-is-right-for-you

Microsoft 365 GCC vs. GCC High

How do you know which level of GCC is right for you? Here’s key criteria to help you distinguish GCC and GCC High so that your organization makes the move to the right cloud.

Government Community Cloud (GCC)

You can think of GCC as a government version of the Microsoft 365 commercial environment. It resides on the Azure Commercial infrastructure and has many of the same features, but servers must be located in the continental United States (CONUS) as mandated by FedRAMP Moderate. Although the servers are only in CONUS, access to data is available on a global basis. In general, non-defense-related government agencies and contractors can deploy GCC. 

It provides Microsoft 365 functionality and requires fewer approvals and background checks. However, GCC deals with Federal Contract Information (FCI) compliance requirements and does not meet requirements for International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR) and most Controlled Unclassified Information (CUI) and Controlled Defense Information (CDI) handling. 

What is GCC High?

Moving to GCC High is the better choice to secure the above-mentioned types of government data. GCC High provides security, intelligence, and collaboration capabilities to help protect data, increase efficiencies and enhance communication. If you work with highly sensitive CDI or CUI, then GCC High is the cloud infrastructure that will ensure compliance with regulations like NIST 800-171, FedRAMP High and ITAR. GCC High is technically a copy of the DoD cloud but exists in its own sovereign environment.

GCC High meets the compliance requirements for the following certifications and accreditations:

  • Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2
  • The Federal Risk and Authorization Management Program at FedRAMP High, including those security controls and control enhancements as outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-53.
  • The security controls and control enhancements for United States Department of Defense Cloud Computing Security Requirements Guide (SRG) for information up to Impact Level 4 (L4).

Taking the Next Steps

Hopefully this clears up some confusion on the differences between GCC and GCC High. If you’re ready to get started, contact us. Our Government Services Team is ready to walk you through the steps required to meet Microsoft's Cloud Services eligibility

How Can We Help?  Speak With An Expert

About

Daymark Solutions is an experienced technology integration and solutions provider that helps organizations throughout North America effectively architect, implement, and deploy customized solutions to help their clients grow and scale their IT infrastructure. Specializing in data center infrastructure and cloud solutions, Daymark’s unique combination of in-depth technical knowledge, extensive experience, and proven methodologies enable its clients to successfully address even the most difficult technology challenges.

Connect

    

Links

Contact

Corporate Headquarters
Daymark Solutions
131 Middlesex Turnpike
Burlington, MA 01803

Corporate: +1 781-359-3000

Email: info@daymarksi.com

© 2024 Daymark Solutions, Inc. All rights reserved.  |  Daymark Privacy Policy