Government Security Program
The Government Security Program (GSP) provides eligible national or federal agencies with access to security information about Microsoft products and services.
GSP aims to help government agencies protect their nations and citizens, and to build confidence and trust in Microsoft products and services. The program is only available to qualified agencies that meet the participation criteria.
GSP provides government customers with access to the following resources:
- Security vulnerability and threat intelligence information
- Security documentation and resources about publicly available Microsoft products and services
- Source code for select Microsoft products and services
Key benefits for GSP members
The purpose of GSP is to build trust through transparency with government customers. Microsoft earns that trust through direct engagement, which occurs across four functional areas:
Information sharing and exchange
Microsoft provides GSP members with security vulnerability and threat intelligence information regarding security threats and malicious actors globally. GSP members gain access to advance notice of security vulnerabilities, data feeds containing malicious URLs detected by Bing crawlers, clean file metadata hashes, Cyber Threat Intelligence Programs (CTIP) botnet feeds from the Digital Crimes Unit (DCU), and threat intelligence alerts from Microsoft Threat Intelligence Center (MSTIC). For more information, see Information sharing and exchange.
Technical data
GSP members have access to written materials that aren't publicly available, such as documentation to internal white papers, architecture documents, and compliance reports. Members can have focused conversations with Microsoft engineers or security experts regarding how Microsoft services operate through meetings coordinated by the GSP team. Additionally, the members have early access to documentation about Microsoft's products and services. For more information, see Technical Data.
Online access to source code
GSP members can receive read-only access source code for Microsoft Windows, Office, SharePoint, Exchange, and Azure sign a secure web portal. This service enables customers to browse, search, and reference the product source code. For more information, see Online access to source code.
Transparency centers
Transparency centers allow GSP members to conduct deep levels of document and source code inspection and analysis with Microsoft engineers in a secure facility. These centers offer the ability to conduct in-depth conversations with product leadership.
Microsoft has five transparency centers located around the world - in the US, Brazil, Ireland, Singapore, and China. For more information, see Transparency centers.
The following code kits are available for GSP members along with the latest release of Microsoft Cloud for Sovereignty:
Fabric Controller: An internal service that partitions physical servers into virtual machines to enable customers to deploy and scale containers and microservices. This code kit focuses on how the Fabric Controller service prevents unauthorized access.
Azure Virtual Desktop: An enterprise solution to quickly deploy and scale desktop environments in the cloud. This code kit focuses on the secure initialization, utilization, and tear down of sessions between the client application and the Azure Virtual Desktop service to prevent unauthorized use or access.