Microsoft cloud gets Pentagon's top security rating

Shutterstock image (by bestfoto77): cloud network security lock. 

The Pentagon has given the highest security rating for unclassified data to Microsoft's federal cloud offerings, Azure Government and a Defense Department-specific iteration of Office 365. The Microsoft services were granted Level 5 provisional authority to operate certification.

According to Microsoft, the rating makes it the first and only cloud provider that can offer a complete DOD cloud solution that is approved at that security level for controlled unclassified information (CUI).

In a blog post, Tom Keane, general manager for Microsoft Azure, explained that the Microsoft offerings achieved the security level because of "dedicated infrastructure that ensures physical separation of DOD customers from non-DOD customers."

The company said it has built multiple data centers to provide DOD with exclusive services for Azure and Office 365 U.S. Government Defense services.

Microsoft already has FedRAMP High, FedRAMP Moderate and FedRAMP Accelerated approvals under the General Services Administration's Federal Risk and Authorization Management Program.

The addition of DOD Level 5, the company said in a statement, that it will give its customers the capability to build applications that maintain CUI data requiring over Level 4 protection when necessary. Microsoft  said its government-only infrastructure offers more protection because its data centers are hardened, geographically dispersed and operated by screened personnel.

Categories of information in Level 4 include, but are not limited to, export-controlled information such as technical specifications, law enforcement sensitive information, protected health information and some personally identifiable information. Level 5, according to DOD, "accommodates CUI  that requires a higher level of protection" and also includes unclassified National Security Systems.

In a cloud security guide issued by the Defense Information Systems Agency in March 2016, officials said they were taking a "cautious approach with regard to Level 5 information," because of risks associated with shared cloud environments and legal concerns.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.


  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group