As DoD contractors look for solutions to update their IT infrastructure to be in compliance with current DFARS law and prepare for CMMC, many are wondering whether they need Microsoft’s Government Community Cloud (GCC) offerings to meet this challenge.
The short answer is no, private sector DoD contractors are not required to use Microsoft GCC or GCC High for DFARS, CMMC, or ITAR. There are other solutions on the market that meet many of the requirements of NIST 800-171. However, in many cases it’s the best option.
Here are the reasons why a DoD contractor might find GCC/GCC High to be their best option:
- They already use Microsoft 365: Due to the fact that a large percentage of businesses in the United States use Microsoft 365’s suite of office products, it makes sense for them to use GCC and GCC High because it is the same tools their teams are familiar with, yet on a compliant infrastructure that fulfills many of the requirements of NIST 800-171.
- It’s mostly an all-in-one solution: Because it is an all-in-one office solution that fulfills many of the requirements of NIST 800-171, it alleviates the need for companies to “hodgepodge” many different office solutions together to meet compliance, which could increase overall costs depending on needs.
- Their customer (DoD or a Prime) is using GCC/GCC High: Many contractors find that their customer is already using GCC/GCC High and it would be easier to communicate sensitive information with them if they are on the same platform.
- GCC/GCC High satisfies most of NIST 800-171: Moving to GCC will fully or partially comply with approximately 75% of the NIST 800-171 controls
- GCC High is ITAR compliant: Moving to GCC High will fully or partially comply with approximately 75% of the NIST 800-171 controls PLUS all of their ITAR requirements
Our Advice for DoD Contractors
There is no one-size-fits-all approach to DFARS and CMMC compliance. Every company has its own unique situation and therefore we advise working with a consultant like SysArc, to help DoD contractors find the best path forward.
Due to our expertise of helping hundreds of DIB suppliers with DFARS/CMMC compliance, our team can work with you to understand your unique situation and help you decide on the most cost effective solution while fulfilling the most compliance requirements possible.
If you are considering implementing Microsoft’s Government Community Cloud (GCC) offerings, and migrating your company’s current data, consider our Microsoft GCC Migration Services. We’ve helped hundreds of DoD contractors throughout the United States over the last several years navigate the complexities of DFARS 7012, NIST 800-171, 800-53 and CMMC. Through our expertise, we’ve been able to save DoD contractors time and money as they update their systems to comply with current DFARS 7012 law and prepare for upcoming CMMC audits. We would love to help you too. Give us a call or request a consultation.