cybersecurity

DoD Transitioning From CVR to Microsoft Office 365 IL5

The past year ushered in rapid change in the way businesses communicate. In the Spring of 2020, in-person meetings and face-to-face collaboration took a backseat to remote conferencing for businesses as well as the Department of Defense (DoD).

Like many companies affected by the pandemic, the DoD scrambled to adopt a remote teleworking scenario. While not the most secure environment for the DoD, the choice was made to utilize what was called a Commercial Virtual Remote (CVR) environment. This provided teleworkers access to Microsoft Teams and Office 365 applications in a lock-down environment.

Over the Summer of 2020, the Defense Information Systems Agency (DISA) began plans to replace the temporary CVR rollout. Now a little over a year later the CVR is being “sunset” and will be replaced with a more secure platform from Microsoft in an IL5 accredited environment. The platform is being called a variety of names depending on the branch ranging from Flank Speed, IL5, to DoD365, but it is all just Microsoft 365 in Azure Government.

Microsoft 365 Government (DoD)

What does this mean for the Defense Industry Base (DIB)?

To answer the question, you will need to understand the transition and what is happening. As shown in the diagram above, the DoD is transitioning from a commercial cloud to a government cloud on Azure Government. Now when a DoD team invites a contractor not in Azure Government to a meeting that contractor will need to run Teams in a private browser and join as a guest if the DoD will even allow the configuration to let in guests to meetings. The reason for this is due to not having directory/network services inside of Azure Government/GCC High. This means that unless you have a presence in Azure Government, there is no way to authenticate your identity to a Teams invite that the DoD would send and vice versa. This poses the challenge for Microsoft to provide a resolution to the issue while maintaining security and compliance with DoD requirements.  Updates to the Microsoft roadmap on upcoming changes in GCC High can be found here.

Good News and Bad News for the DIB

The good news is for those that have already made the leap and have transitioned over to GCC High/Azure Government. As Microsoft continues to improve functionality, collaboration with the DoD will become more seamless. 

The bad news is for those that are not in GCC High, collaboration will become more challenging as time moves forward. For these companies there is a silver lining especially if you are only handling Federal Contract Information and planning to only attain the Cybersecurity Maturity Model Certification Level 1.  Microsoft is aware of the challenges posed by CMMC and that there will be a large population in the DIB space that will remain in Commercial Microsoft 365 with no plans to migration to GCC High. Eventually, federation between the cloud platforms will occur and it is just a matter of time before collaboration will become seamless again. 

Will we ever get back to the days of post pandemic collaboration and meetings?  It is my opinion that remote collaboration and meetings are here to stay but that there will be times that a face-to-face meeting will be needed. Do not put away those expense reports yet but do plan to be more strategic on how they get used. 

Contact KTL for more information on CMMC preparedness and transitioning to Microsoft Office 365 IL5.

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

Related Posts

Calm before the storm

CMMC: The Calm Before The Storm

Here we sit amidst a calm before the storm with many contractors in the Defense Industry Base (DIB) becoming complacent, resting idly rather than taking proactive steps towards CMMC compliance.

Read More »

Let’s Talk Security

As the IT security landscape evolves, new threats crop up almost daily and security teams face a heavy burden to keep pace. To provide some

Read More »