Illustration of a boy playing an arcade game to grab a cloud with a crane arm and a sign saying

GCC High Buyer’s Guide

The GCC High Buyer's Guide is a flight manual for organizations to make informed decisions around leveraging evaluating Microsoft 365 GCC High for compliance with DFARS, CMMC, and U.S. export controls.

Lessons Learned from Experience.

Steel Root specializes in helping defense contractors adopt GCC High for DFARS compliance and CMMC readiness.

We built the Buyer’s Guide to share the lessons we’ve learned from building secure, compliant IT environments in GCC High and Azure Government. The guide covers topics such as:

– What is GCC High?
– Do I Need GCC High for CMMC Level 2?
– Questions to Ask Cloud Service Providers About Compliance
– Licensing Strategies and Tips
– Questions to Help Determine Licensing Needs
– Recommended License Packages
– Where and How to Buy GCC High Licensing
– Is GCC High CMMC Compliant Out-of-the-Box?
– Links and Resources

Related Resources

CUI Marking & Identification Guide

A guide to understanding Controlled Unclassified Information, how to identify CUI in your organization, and how to correctly mark information as CUI.

Learn More

Zero Trust Strategies for DoD Compliance

As today's dominant security paradigm, zero trust moves cybersecurity defenses away from network-based security perimeters toward individual resources like user identities and devices. For defense contractors, adopting a zero-trust strategy...

Learn More
Steel Root Illustration of a salesmen high pressuring a frustrated customer.

MSP Maturity Check

Managed Service Providers (MSPs) are increasingly targeted by attackers for the privileged access they hold in multiple customer environments. The MSP Maturity Check includes questions you can use to vet...

Learn More