Program Overview
Our commitment to trust and transparency
The mission of Microsoft's Government Security Program (GSP) is to build trust through transparency. Microsoft recognizes that people will only use technology they trust and we strive to demonstrate our commitment to building this trust through our transparency, privacy, compliance, and security principles. Since the program's inception in 2003, Microsoft has provided visibility into our technology which governments and international organizations can use to help protect themselves and their citizens.
The GSP is designed to provide participants with the confidential security information and resources they need to trust Microsoft's products and services. Participants currently include over 40 countries and international organizations represented by more than 100 agencies. Participation enables controlled access to source code, exchange of threat and vulnerability information, engagement on technical content about Microsoft's products and services, and access to five globally-distributed Transparency Centers, which are located in the United States, Singapore, Brazil, China, and Ireland.
The Purpose of the GSP is to help governments protect themselves and their citizens by
- Enabling trust and transparency
- Providing access to security information about Microsoft products and services
- Providing data to improve protection of government information technology against cyber threats
- Fostering collaboration between Microsoft security teams and government cybersecurity experts
GSP Offerings
Originally developed to ensure government confidence in the stability and integrity of Windows, the GSP has expanded in both depth and breadth to address the changing cybersecurity landscape, along with changing technology. The GSP consists of four separate categories of service, or offerings, each addressing different needs and priorities. These offerings include access to technical information and documentation about our products and services (such as cloud services and Common Criteria certification artifacts); access to information on internet safety, cybersecurity threats, vulnerabilities, and guidance; access to controlled, online review of source code; and access to five globally distributed Transparency Centers located in the United States, Singapore, Brazil, China, and Ireland. Agencies work with local Microsoft representatives and the GSP team to ensure their goals are best supported by the right combination of GSP offerings.
|
GSP Authorization |
Offering |
|
Offering provides access to information about products and services. This includes technical documentation about Microsoft’s products and cloud services, opportunities to access Microsoft engineers to address specific topics, and security-specific technical trips to Microsoft facilities for in-depth face-to-face conversations. |
|
|
Offering provides data about threats and vulnerabilities and a communication channel with Microsoft security and response teams. |
|
|
Offering enables online access to view source code. Access is provided through a secure web portal which provides select source code in a read-only format to Microsoft products such as Windows 11 and Office. |
|
|
Offering provides agencies with an opportunity to visit a secure facility to conduct deep levels of source code inspection and analysis. Microsoft’s five Transparency Centers are located in the United States, Singapore, Brazil, China, and Ireland. |
*Specific eligibility requirements
Participation Criteria
Qualifying agencies participate at no charge. GSP participants must be:
- A national or federal government agency
- Able to sign an agreement on behalf of their government
- Leverage the resources being requested
- Able to adequately protect intellectual property and confidential information
Participation Profile
GSP participants typically have a mission which focuses on information security and assurance. Participants can include:
- National Computer Emergency Readiness Teams or Incident Response authorities
- Security / information assurance and national defense agencies consisting of:
- Developers and testers
- Application and security specialists
- Cryptography specialists
- Public safety agencies
GSP Membership
Local Microsoft representatives work with government and international organizations to determine if participating in the GSP through one of more offerings would match that agency's needs, assuming that local practices and laws related to confidentiality, information sharing, intellectual property protection, export control, and related areas align to the program.
If a country would like to have more than one agency participate in the program, the local Microsoft representatives and the agencies can work together to determine whether each agency should have its own GSP offering or have one agency as primary GSP participant that would sponsor additional agencies.
Sponsorship
For some agencies, access to the benefits of the GSP may be feasible through Sponsorship. A Sponsorship relationship is created when a participating GSP agency (the “Sponsoring Agency”) and another government agency from the same country (the “Sponsored Agency”) sign the same GSP Agreement. A GSP participant (Sponsoring Agency) may request Microsoft's approval to add other government agencies (Sponsored Agencies) as participants to the GSP. The Sponsoring Agency takes responsibility for the Sponsored Agency's compliance with all contractual terms.
Contact Us
Contact your local Microsoft representative to learn more about the Government Security Program.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for