Scribd Logo
Upload

Welcome to Scribd!

  • Microsoft Cloud Recommended Decision Process

    Uploaded by

    Ryan Bonner
    243 views1 page
    Decision flow for DoD contractors housing CDI or CUI.

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Decision flow for DoD contractors housing CDI or CUI.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    243 views1 page

    Microsoft Cloud Recommended Decision Process

    Uploaded by

    Ryan Bonner
    Decision flow for DoD contractors housing CDI or CUI.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Microsoft Cloud Recommended Decision Process*

    Do you do business with the US


    Government? No Commercial
    (~10K+ DiB’s operating in the US Cloud
    today)

    Yes
    US Gov. Cloud
    Did you receive a “DFARS” (DFARS Are you planning
    252.204-7012) memo from your to put CDI / CUI –
    DoD Mission owner or the DoD CIO
    Yes Do you hold Yes
    ITAR / EAR data
    Yes GCC HIGH
    CDI/CUI data? DODCON Skus
    Procurement office, OR do you in a cloud now, or
    have ITAR / EAR Requirement? in the future?

    No No No

    GCC
    GOVCON Skus
    Talking Points

    1. Note in either case a“500” seat minimum purchase is required (only “E” SKU’s count towards valid licenses)
    2. For DoDCON customers recommended configuration
    • E3 + EMS E3 + ATP for all users
    • E1 to fulfill 500 seat requirements (Essentially not used)
    • “No Discounts” Level A-D still exist but no additional discounting of any kind on GovCON or DoDCON SKU’s
    3. Liabilities for failure to comply with new regulations GCC – Government Community Cloud
    • Export control laws provide for substantial penalties, both civil and criminal. Failure to comply with ITAR can result in civil fines as high DFARS – Defense Federal Acquisition Regulation
    as$500,000 per violation, while criminal penalties include fines of up to$1,000,000 and 10 years imprisonment per violation. Under EAR,
    maximum civil fines can reach$250,000 per violation. Criminal penalties can be as high as$1,000,000 and 20 years imprisonment per Supplement
    violation. From http://whatis.techtarget.com/definition/ITAR-and-EAR-compliance. ITAR – International Traffic in Arms Regulation
    4. What’s new? EAR – Export Administration Regulation
    • More DiB’s have been prosecuted in last 9 months than the in the last 8 years. CDI – Covered Defense Information
    • If violation is severe, a possible remedy could be permanent disbarment from doing business with the DoD (Although rare) CUI – Controlled Unclassified Information
    DiB’s – Defense Industry Base
    * This is a recommendation only, customers are the ultimate decision makers on which cloud to adopt to meet their compliance needs.

    You might also like