What is GCC High and How Does It Impact SharePoint and Office 365?

What is GCC High?

Microsoft’s Government Community Cloud High (GCC High) is a highly robust and secure cloud platform, created to meet the stringent security requirements of the DoD. To understand in more detail what GCC is, its capabilities and limitations, and for what organizations it is most suited, is, it is important to have basic knowledge of some concepts.

The first concept is the cloud. The cloud refers to software and services that run on the internet. You can access them through a Web browser such as Firefox and Google Chrome. Services such as Netflix, Yahoo Mail and Spotify are cloud services. You can get access to them by having a device with an internet connection. You do not need to have them stored on your computer.

The second concept is cloud-computing. Cloud-computing is the act of providing cloud services for businesses or individuals.

The third concept is GovCloud. This refers to cloud-computing solutions created for government agencies, institutions, and organizations.

The Microsoft Government Cloud is a cloud platform designed only for the US Federal, State and Local Governments. It aims to meet the US government’s strict security and compliance regulations such as FedRAMP, CJIS, and HIPAA. It also aims to meet the specific requirements of GovCloud.

It is stored in the Microsoft Azure data centers in the US and only background checked Microsoft employees have access to it. The Microsoft Government Cloud provides a cloud platform that is secure to protect sensitive information that belongs to the US government. Microsoft provides three types of government cloud:

• Government Community Cloud (GCC) for local, civilian and federal government agencies.
• GCC High for highly classified government users and the people who do business with them.
• Department of Defense (DoD) cloud for intelligence agencies.

Who can use GCC High?

Anybody who is eligible to use Microsoft Government Cloud can use GCC High. This usually includes:

1. A federal agency such as a bureau, office, agency, department or any other entity of the US government
2. A state or local entity
3. A tribal entity which is recognized by the US government and is eligible for funding and services from the US Department of Interior
4. Non-governmental organizations and commercial private entities that hold data such as:
5. International Traffic in Arms (ITAR)
6. Controlled Unclassified Information (CUI)
7. Department of Defense (DoD) Unclassified Controlled Nuclear Information (UCNI)
8. Department of Energy (DoE) UCNI
9. Criminal Justice Information (CJI)
10. Department of Defense Impact Level Data
11. Other types of data that need Microsoft 365 Government

What are the benefits of GCC High?

GCC High is important for various reasons. Some of them are:

1. Exclusivity: GCC High is available to government agencies or departments. It is available to federal contractors that need to meet the stringent cyber security and compliance requirements of NIST 800-171, FedRAMP HIGH, ITAR. It is also available to federal contractors who need to manage CUI and CDI. Commercial companies that have authority to hold process-controlled information on behalf of the US government may also have access to GCC High.
2. Compliance: GCC High complies with many different US government information and cybersecurity regulations. Some of these regulations include CMMC, CJIS Policy, ITAR, FedRAMP High, and DFARS 7012.
3. Verified personnel: Only Microsoft personnel who are US citizens and have passed all the required background checks have access to your GCC High content.
4. Third-party Audits: A certified third-party auditor is in charge of auditing the infrastructure used by GCC High. The auditor also provides security assessment reports or attestation letters used by federal agencies to issue an Authorization to Operate (ATO).
5. Storage: Data that belongs to an organization that uses GCC High is stored within the continental United States with compliant infrastructure. GCC High has commitments which include FedRamp High, ITAR, DFARS, and DISA SRG L4 controls.
6. Security: GCC High is important because it provides a high level of security for its users. Only few people have access to the information on the GCC High, so it is less likely to be hacked. It also meets various levels of security testing that protects its information.

What are the limits of GCC High?

As important as GCC High is, it is not without its limitations:

Limited access to third party integrations

Third party integrations are limited on GCC High. Therefore, some third-party Office 365 tools may not function. You may have to examine the third-party integrations you already have to decide what works and what does not work.

Limited information sharing

GCC High users can only share information with DoD and GCC High tenants. This can be a problem when your company has operations that are not within CUI or DoD contracting.

How does GCC High impact SharePoint and Office 365?

GCC High and SharePoint

SharePoint is a website-based collaboration and management system that can help your team work remotely and work together. SharePoint uses various workflow applications, web parts and security features to allow your company to work smarter.

SharePoint is available for GCC High environments. However, some of the features and functionalities available on SharePoint are not available on GCC High. Some of the features both platforms share in common are:

1. Developer features
2. IT admin features
3. Security and compliance features
4. Sites and content
5. Search features

Stored data and other content on SharePoint can be migrated to GCC High using one of the migration tools on the market or with the help of a migration partner like i3solutions.

GCC High and Office 365

Microsoft Office 365 is a set of subscription plans that give you or your company access to the Microsoft Office software suite. GCC High is an offering of Office 365. However, Office 365 staff do not have access to GCC High consumer content. Only staff who have passed the following background checks can have access to GCC High content:

• US Citizenship: Verification of US citizenship
• Employment History Check: Verification of seven (7) years of employment history
• Education Verification: Verification of highest degree attained
• Social Security Number (SSN) Search: Verification that the provided SSN is valid
• Criminal History Check: A seven (7) year criminal record check for felony and misdemeanor offenses at the state, county, local and federal levels
• Office of Foreign Assets Control List (OFAC): Validation against the Department of Treasury list of groups with whom US persons are not allowed to engage in trade or financial transactions
• Bureau of Industry and Security List (BIS): Validation against the Department of Commerce list of individuals and entities barred from engaging in export activities
• Office of Defense Trade Controls Debarred Persons List (DDTC): Validation against the Department of State list of individuals and entities barred from engaging in export activities related to the defense industry
• Fingerprinting Check: Fingerprint background check against FBI databases
• CJIS Background Screening: State-adjudicated review of federal and state criminal history by state CSA appointed authority within each state that has signed up for the Microsoft CJIS IA program.

As an organization looking for software development, portal or migration services, you might be considering whether or not to use GCC High. It is important to consider the particular IT and security needs of your company and your company’s resources before making a decision. If you decide to use GCC High, i3solutions can help your organization harness the benefits to make your work processes smoother. Contact us today to get started.

Kelli Beaugez

See Full Bio