Joint Special Access Program (SAP) Implementation Guide (JSIG)

JSIG overview

Special Access Programs represent some of the US Department of Defense (DoD) most sensitive information that must be protected accordingly. Given the rapid increase in cybersecurity threats, DoD can no longer rely on physical isolation as a primary risk mitigation strategy. Instead, the National Institute of Standards and Technology (NIST) SP 800-37 provides a common information security framework for the US federal government and its contractors to improve information security, strengthen risk management processes, and transform the traditional certification and accreditation process into a modern Risk Management Framework (RMF). The DoDM 5205.07, Volume 1, Special Access Program (SAP) Security Manual: General Procedures, provides policy, guidance, and standards for the authorization of information systems and application of RMF within a DoD SAP.

The purpose of the Joint Special Access Program (SAP) Implementation Guide (JSIG) is to provide policy and guidance on the implementation of the RMF. JSIG serves as a technical supplement to NIST SP 800-53 and CNSSI 1253. It is used in combination with the applicable volume of DoDM 5205.07 in the application of the RMF. JSIG provides standardized policies for cybersecurity and information assurance, procedures, and implementation guidance for use in the management of systems at all classification levels under the purview of the SAP Authorizing Official (AO). These policies and procedures adhere to applicable laws, executive orders, directives, policies, regulations, standards, and guidance.

Azure and JSIG

Azure Government Secret and Azure Government Top Secret maintain JSIG Authorizations to Operate (ATO) at Protection Level 3 (PL3).

Azure Government Secret was developed using the same principles and architecture as Azure commercial cloud. It enables fast access to sensitive, mission-critical information while maintaining the security and integrity of classified workloads. It is available from three dedicated regions located over 500 miles apart. Azure Government Secret operates on secure, native connections to classified networks with options for ExpressRoute and ExpressRoute Direct for private, resilient, high-bandwidth connectivity.

Azure Government Top Secret serves the national security mission and empowers leaders across the Intelligence Community (IC), Department of Defense (DoD), and Federal Civilian agencies to process national security workloads classified at the US Top Secret level. Azure regions for Top Secret classified data expand the ability of our national security customers to achieve greater agility, cost savings, and speed to innovation.

Applicability

  • Azure Government Secret
  • Azure Government Top Secret

Services in scope

For a list of Microsoft cloud services in scope for the JSIG ATO in Azure Government Secret or Azure Government Top Secret, contact your Microsoft account representative.

Attestation documents

Contact your Microsoft account representative for assistance.

Frequently asked questions

What Azure services are covered by the JSIG Authorization to Operate (ATO)?
For a list of Microsoft online services in scope for the JSIG ATO in Azure Government Secret or Azure Government Top Secret, contact your Microsoft account representative.

Resources