Back in October, Azure Government Engineering announced the initial release of the Azure Blueprint program which facilitates the secure and compliant use of Azure for government agencies and third-party providers building on behalf of the government. Microsoft yesterday announced the release of Azure Blueprint for the FedRAMP High Baseline.
This release includes documentation to assist Azure customers with documenting their security control implementations as part of their individual agency ATO processes. The FedRAMP High Baseline Customer Responsibility Matrix (CRM) and System Security Plan (SSP) template are designed for use by Program Managers, Information System Security Officers (ISSO), and other security personnel who are implementing and documenting system-specific security controls within Azure.
The FedRAMP High CRM explicitly lists all control requirements that include a customer implementation requirement. This includes both controls with a shared responsibility between Azure Government and Azure customers, as well as controls that are fully implemented by Azure customers.
Read about it in detail here.