Although cloud computing has emerged as a hot topic only in the
past few years, Microsoft has been running some of the largest and
most reliable online services in the world for over 16 years. Our
cloud infrastructure supports more than 200 cloud services, 1
billion customers, and 20 million businesses in over 76 markets
worldwide.
Today, I am pleased to announce that Microsoft's cloud
infrastructure has achieved another milestone in receiving its
Federal Information Security Management Act of 2002 (FISMA)
Authorization to Operate (ATO). Meeting the requirements of FISMA
is an important security requirement for US Federal agencies. The
ATO was issued to Microsoft's Global Foundation Services
organization. It covers Microsoft's cloud infrastructure that
provides a trustworthy foundation for the company's cloud services,
including Exchange Online and SharePoint Online, which are
currently in the FISMA certification and accreditation process.
This ATO represents the government's reliance on our security
processes and covers Microsoft's General Support System and follows
NIST Special Publication 800-53 Revision 3
"Recommended Security Controls for Federal Information Systems and
Organizations."
Government organizations require specialized compliance and
regulatory processes. Operating under FISMA requires transparency
and frequent security reporting to our US Federal customers. And we
are applying these specialized processes across our infrastructure
to even further enhance our Online Services Security &
Compliance program. The company has been designing and testing our
cloud applications and infrastructure for over a decade to
continually address emerging, internationally-recognized standards.
We are focused on excelling in demonstrating our capabilities and
compliance with these laws and with our stringent internal security
and privacy policies. As a result, all our customers can benefit
from highly-focused testing and monitoring, automated patch
delivery, cost-saving economies of scale, and ongoing security
improvements.
Microsoft's Chicago datacenter (a FISMA-approved facility),
provides over 17 football fields worth of cloud computing
capacity.
The company opened its first datacenter in September 1989 and
today its globally-distributed, high-availability datacenters are
managed by our Global Foundation Services (GFS) group. GFS's Online
Services Security & Compliance team has built upon the
company's existing capabilities, including being one of the first
major online service providers to achieve our ISO/IEC 27001:2005
certification and SAS 70 Type II attestation, which also met the
FISMA requirements. We have also gone beyond the ISO standard,
which includes some 150 security controls and developed over 300
security controls to account for the unique challenges of the cloud
infrastructure and what it takes to mitigate some of the risks
involved. The additional rigorous testing and continuous monitoring
required by FISMA have already been incorporated into our overall
information security program, which is described in several white
papers located our Global Foundation Services web
site.
More information about FISMA is available at the National
Institute of Standards and Technology web site.
Read More >>
