There was a major announcement this week. Both Microsoft Office 365 and Azure have been granted a DoD Provisional Authority (PA) at Level 5 (L5) to store and process unclassified data. This is a significant achievement which no other cloud vendor has been able to achieve across SaaS, PaaS and IaaS. This is driven by the Office 365 US Government Defense and Azure Government (DoD Region) clouds.
The DoD Cloud Computing (CC) Security Requirements Guide (SRG) defines controls that Cloud Service Offerings (CSO) must adhere to beyond controls defined by FedRAMP (NIST 800-53).
Public Announcement - DOD Level 5 PA granted to Microsoft Azure and Office 365 - https://enterprise.microsoft.com/en-us/industries/government/dod-level5-p-ato-granted-microsoft-azure-office-365/
Public Announcement - Azure DoD Regions Accredited at Impact Level 5 and Now Generally Available - https://blogs.msdn.microsoft.com/azuregov/2017/01/13/azure-dod-regions-accredited-at-impact-level-5-and-now-generally-available/
Public Announcement - Microsoft Azure Government is First Commercial Cloud to Achieve DoD Impact Level 5 Provisional Authorization, General Availability of DoD Regions - https://azure.microsoft.com/en-us/blog/microsoft-azure-government-is-first-commercial-cloud-to-achieve-dod-impact-level-5-provisional-authorization-general-availability-of-dod-regions/
Not all clouds are created equal - https://enterprise.microsoft.com/en-us/industries/government/check-the-facts/
Microsoft Trust Center - Department of Defense (DoD) Provisional Authorization - https://www.microsoft.com/en-us/TrustCenter/Compliance/DISA#