Security and compliance are top of mind for government IT organizations. It is important for these enterprises to have the ability to deploy applications on a commercial cloud platform that adheres to strong baseline security controls.

U.S. Federal agencies and many non-government organizations are dependent on various standards and security assessments to ensure their systems are operating in controlled environments. One such standard is NIST Special Publication 800-53, which provides a library of security controls to which information technology systems should adhere. NIST 800-53 defines three security baselines: low, moderate, and high. The number of security controls that need to be met increases from the low to high baselines, and agencies elect to meet a specific baseline depending on the requirements of their systems. The Federal Risk and Authorization Management Program (FedRAMP) further expands upon the NIST 800-53 controls by including additional security requirements at each baseline. FedRAMP is a program that ensures cloud providers meet stringent Federal government security requirements.

When an agency elects to deploy Docker Datacenter for production use on a commercial cloud like Azure Government, they must complete a security assessment and grant the system an Authorization to Operate (ATO). Building on Microsoft’s investments in Azure Government compliance at the FedRAMP Moderate and High baselines, an agency that deploys Docker Datacenter on Azure Government must only authorize the components of its system that extend its accreditation boundary beyond the Azure baseline.

