We’re excited to announce that Azure NetApp Files now meets the stringent criteria for the U.S. Federal Risk and Authorization Management Program (FedRAMP) High Impact Level for commercial services.
Microsoft is a leader in FedRAMP-certified services, with Azure NetApp Files now joining the 37 Azure services already FedRAMP-certified at the High Impact Level. Numerous other Azure services are on track for High Impact Level certification later this year. Azure continues to support more services at FedRAMP High impact levels than any other cloud provider.
Achieving FedRAMP High means that Azure NetApp Files services meet the demanding requirements of the FedRAMP High designation, making it easier for more federal agencies as well as state, local, and other sectors to take advantage of the unique capabilities of Azure NetApp Files for enterprise workloads such as virtualization, SAP, high-performance analytics, and database requirements. The FedRAMP High certification follows the growing list of compliance and certifications for Azure NetApp Files, which includes recently achieving HIPAA compliance for healthcare customers.
Azure NetApp Files Delivers Enterprise-grade Security and Performance
As a fully managed, Azure first-party service, Azure NetApp Files provides a unique solution for enterprise workloads, including HPC and SAP, that require secure, scalable, high-performance file shares. Enterprises running massive file-based applications with high-reliability/high-availability needs receive on-premises-like or better performance, low latency, and high security with rich data-management capabilities. Because Azure NetApp Files is a Microsoft service powered by NetApp, you can consume its file storage service offerings as part of your already agreed upon Azure commits.
We are committed to ensuring that our services for all levels of government and enterprise customers provide the best possible cloud file storage, and that all Azure NetApp Files offerings are certified at the highest level of FedRAMP compliance.
What is FedRAMP?
FedRAMP is a U.S. government-wide risk management program established to support the Cloud-First Policy rolled out in 2011. The goal of the program was to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services to help government agencies quickly migrate from old, unsecure legacy IT to secure, cost-effective, cloud-based IT. The intent was to both standardize and accelerate government agencies’ adoption of cloud solutions and ensure that all the providers they worked with met consistent security standards. The program was also intended to save expenses, time, and resources by employing a “do once, reuse many times” approach.
It is the Federal Information Security Management Act (FISMA) that defines the IT security requirements that federal agencies need to meet. These requirements are further explained in Publication 800-53 from the National Institute of Standards and Technology (NIST). But, because FISMA was passed in 2002, long before the Cloud-First mandate, there was confusion about how the standards and guidelines affected the adoption of cloud services. FedRAMP was the answer, and the Office of Management and Budget now requires all executive federal agencies to use FedRAMP to validate the security of all cloud services they use.
Cloud service providers demonstrate FedRAMP compliance through an Authority to Operate (ATO) or a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB). FedRAMP authorizations are granted at three impact levels—slow, medium, and high—based on NIST guidelines. There are now more than 120 federal agencies and more than 160 industry partners actively engaged with the FedRAMP program.