Common use of Government Community Cloud Services Clause in Contracts

Government Community Cloud Services. Office 365 US Government Community Cloud (GCC) services are provided only from data centers physically located within the United States. The following Customer Data is stored at rest in data centers physically located within the United States: • Exchange Online mailbox content (email bodies, calendar entries, and the content of e-mail attachments); • SharePoint Online site content and the files stored within that site; and • Skype for Business archived conversations, uploaded documents, and whiteboarding session. References to geographic areas in the Use Rights with respect to the location of Customer Data at rest, as set forth in the Use Rights, refer only to the United States. Customer Data will be logically segregated from customer content in Microsoft's commercial Office 365 Services. Additional European Terms, as set forth in the Use Rights, will not apply to GCC Services. Access to Customer Data in the GCC by Microsoft personnel is restricted to personnel who are US citizens. These personnel undergo the following background investigations in accordance with relevant government standards. Background Screening GCC GCC High and DoD Verification of US Citizenship Yes Yes Employment History Check Yes Yes Education Verification Yes Yes Social Security Number (SSN) Search Yes Yes Criminal History Check (7 year) Yes Yes Office of Foreign Assets Control List (OFAC) Yes Yes Bureau of industry and security List (BIS) Yes Yes Fingerprint-based check of FBI criminal databases Yes Yes CJIS Criminal Background Check Yes No DOD IT-2 based on OPM Tier 3 Investigation No DOD SRG L5 Tenants Only NIST 800-53 and FedRAMP. Government Community Cloud Services are operated in accordance with a written data security policy and control framework that are consistent with the requirements of NIST 800-53, or successor standards and guidelines (if any), established to support Federal Risk and Authorization Management Program (FedRAMP) accreditation at a Moderate Impact level (except that Azure Government supports accreditation at a High Impact Level). Microsoft intends for Government Community Cloud Services to support FedRAMP ATO’s and Microsoft will use commercially reasonable efforts to obtain an Authority to Operate (ATO) from a Federal agency, and to maintain such an ATO by conducting regular FedRAMP audits and through continuous monitoring processes.