FIPS Mode Required for Compliance in GCC High Cloud Environments
Government agencies and contractors must enable FIPS mode on Microsoft GCC High virtual machines to meet compliance requirements. This requirement affects procurement contracts and puts emphasis on vendor support for FIPS activation and endpoint encryption management.
Key Signals
- GSA requiring FIPS enforcement in Microsoft GCC High for compliance standards.
"To actually enforce FIPS on the AVD session hosts, you'll need to enable it explicitly, via Group Policy if hybrid-joined, or Intune Settings Catalog if Entra-joined. Microsoft doesn't enable it for you by default; that's on the customer side of the shared responsibility line."
Organizations utilizing Microsoft GCC High cloud services need to ensure FIPS mode is explicitly enabled for their Virtual Desktop Infrastructure (VDI) sessions. Proper enforcement is crucial for compliance and security in federal environments.
- Procurement professionals must ensure contracts clearly outline FIPS compliance responsibilities, especially regarding endpoint encryption and policy management.
- Agencies managing GCC High VDI must prepare for the manual activation of FIPS mode on session hosts to adhere to federal cryptographic standards.
- Device management vendors should enhance support for FIPS mode activation workflows, addressing the issues related to encrypted drives and policy sequencing.
- This situation underscores the shared responsibility between Microsoft and customers, highlighting the necessity for precise procurement specifications and technical expertise in secure cloud implementations.
Agencies
- General Services Administration
Vendors
- Microsoft
Sources
- InTune and FIPs (reddit-cmmc · Apr 12)
- For you GCC-H users, got a FIPS question (reddit-cmmc · Apr 16)