Office 365 GCC solutions are now FedRAMP High SAR (read more). With this, enterprise instant messaging software has become an imperative for the associated organizations.
What is Microsoft GCC?
The Microsoft Office 365 Government Community Cloud (GCC) is a cloud-based solution powered by Azure Government, with data centers in the continental United States (CONUS) to help organizations ensure compliance with cybersecurity regulations and federal laws. The Microsoft GCC solutions are available for use by private organizations and government agencies that aspire to comply with regulations such as FedRAMP, CMMC, and DFARS 7012.
Office 365 DoD and GCC High
The Government tier of Microsoft 365 focused on the United States Department of Defense is DoD. Although identical to GCC High, the target audience and applicability differs when it comes to 365 DoD. Principally, no contractors or outside personnel have access to the data that resides in this cloud environment.
The only difference between DoD and GCC High for Microsoft 365 solutions is that the GCC High exists in its own sovereign environment and does not offer features such as Calling Plans, Compliance Manager, and Defender ATP, etc. Finally, GCC High is applicable to the Defense Industrial Base (DIB), Federal Agencies, and DoD contractors.
What is FedRAMP?
Initiated by the Office of Management and Budget (OMB), the Federal Risk and Management Program (FedRAMP) is a cyber security risk management program that delivers a standard approach for the purchase, use, and security of cloud products and services used by U.S. federal agencies.
FedRAMP compliance requirements
The Cloud First Policy formulated in the US advises all federal agencies to use FedRAMP as a framework for assessing and monitoring cloud services. Following are the key requirements for FedRAMP compliance:
- The cloud service provider (CSP) has the rights as an Agency Authority to Operate (ATO).
- The CSP meets all the security control requirements, including mobile archiving and call archiving, as prescribed by FedRAMP and described in the National Institutes of Standards & Technology (NIST) 800-53, Rev. 4 security control baseline for moderate or high impact levels.
- The CSP must be assessed by an approved third-party assessment organization (3PAO).
- The security assessment package must be saved in the FedRAMP secure repository.
Benefits of working with a FedRAMP-Authorized CSP
First of all, a FedRAMP authorized CSP helps businesses maintain compliance while securing sensitive data. The prescribed security controls are robust enough to include mobile compliance as a key measure. This also helps businesses to perform mobile call monitoring and mobile archiving to secure sensitive data.
Setting up connector to archive enterprise number data
Relating back to the Microsoft 365 GCC solutions, it is important to realize that a FedRAMP compliance is achieved successfully only when the right connections are established for the flow of data from mobile devices. Notably, the best mobile archiving solutions for such purposes are the ones that allow Microsoft 365 compliance centers to import and archive SMS, chat messages, and voice call recordings from the enterprise instant messaging software. A more detailed guide about how a connector can be setup to archive data from TeleMessage Enterprise Number Archiver is offered by Microsoft.
Archive all employee mobile communication into Microsoft 365 for Government Agencies
The Microsoft GCC cloud now includes built-in connectors for Mobile Archiving: capture, store, and monitor all mobile interactions of regulated employees for compliance scenarios inside their FedRAMP Microsoft 365.
Mobile communication can be ingested directly from mobile carriers such as Verizon, AT&T, as well as the FirstNet network.
Agencies can capture communication from mobile apps such as WhatsApp and Signal, SMS, MMS and Calls from Android devices, and more.
The mobile communication integrates with Microsoft Compliance solutions such as Information Governance, Advanced eDiscovery, and Communication Compliance, allowing a single repository for recording and archiving all mobile communication, for compliance with FOIA, NARA and Public Records requirements.
For more information check the Microsoft Archiving Connectors page
What is NIST SP 800-53?
Created by the U.S. Department of Commerce and the National Institute of Standards in Technology, NIST 800-53 is a security compliance standard applicable to organizations processing or retaining sensitive or regulated data. More details about the recent changes in the NIST SP 800-53 standard can be accessed here: NIST SP 800-53 Revision 5.
Risk Management Framework for Information Systems and Organizations
The accurate risk management process is detailed by NIST in the Risk Management Framework (RMF) for Information Systems and Organizations. From risk identification and measurement to mitigation and reporting, the RMF covers all aspects of an effective risk management process.
The key to all these activities for any entity aspiring to comply with regulatory standards is the implementation of security controls that include capturing mobile text messages and monitoring phone calls as a part of the entity’s sensitive data security agenda.
Security and Privacy Controls for Federal Information Systems and Organizations
These controls are a catalog of security and privacy controls prescribed for federal information systems and organizations and apply to all entities that process, store, or transmit federal informatio. They are aimed at achieving secure information systems within the federal government. Therefore, when related to the use of Microsoft GCC, a business must proactively capture mobile text messages and monitor phone calls to ensure that all communications linked with federal bodies are archived in the 365 repositories.
Capturing and archiving mobile communication
Data from across all mobile communications must be captured, archived and monitored from a regulatory compliance standpoint. However, the real benefit is in maintaining eDiscovery and being resilient.
Any mobile archiving solution must enable businesses to record mobile text messages and voice calls. The real requirement for businesses looking to comply with the regulatory standards illustrated above are in proactively archiving and monitoring the mobile communication. While capturing mobile messages is one of the steps to ensuring mobile compliance, it is important to cover all possible mobile communication channels.
Enabling regulatory compliance
From ensuring mobile compliance with regulatory standards to proactive monitoring for alerts on sensitive data access, a mobile archiving solution must enhance and maintain the preparedness required for a regulatory investigation. Ultimately, it must allow businesses with the oversight of the status of compliance.
TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WhatsApp, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of archiving data storage vendor.
Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
- Network Archiver
- Enterprise Number Archiver
- Android Archiver
- WhatsApp Archiver
- WeChat Archiver
- Signal Archiver
- Telegram Archiver
TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.