top | item 37545613

(no title)

I know what I’m going to bring up in my CMMC compliance call tomorrow.

The university I am an information security engineer for has been working for years to become CMMC level 2 compliant.

Penn State using public cloud (assuming Azure) and the commercial Office 365 would place them about 18-24 months away from being able to pivot to GCC or GCC-High. That is assuming they have the staff and capabilities to do this.

That doesn’t include all of the policies and other paper processes that need to happen.

Hopefully there are consequences for this level of deception.

discuss

Mizoguchi|2 years ago

Doesn't Azure have a separate cloud exclusively for the US goverment? If so why would they use the commercial one?

revengeforbees|2 years ago

They do, there is GCC, and GCC-High. There are a number of reasons why, but the most common would probably be the additional cost of resources and staffing.

Feature for feature, the core functionality is the same. There’s more overhead in GCC and some features in public are delayed in implementation.

helsinkiandrew|2 years ago

The gov cloud is atleast 10-30% more expensive