GCC, Government Community Cloud, can essentially be thought of as a government focused copy of the commercial environment. It has many of the same features, but features data centers ONLY in the continental United States (CONUS), as mandated by FedRAMP Moderate. Compliance frameworks that can be met in GCC include:
DFARS 252.204-7012 (No flow downs as Microsoft will not attest to compliance)
DoD SRG Level 2 (with no provisional authority)
FBI CJIS (Criminal Justic Information Services)
FedRAMP Moderate (Accredited)
GCC High was created to meet the needs of DoD and Federal contractors that needed to meet the stringent cybersecurity and compliance requirements of NIST 800-171, FedRAMP High, and ITAR, or who need to manage CUI/CDI. GCC High is technically a copy of the DoD cloud but exists in its own sovereign environment.
With GCC High, you begin to see a noticeable loss of feature parity with commercial environments. Things like Calling Plans and Compliance Manager aren’t available, and several tools like Microsoft Defender ATP, Cloud App Security and Intune are missing a few functions. The reasons for this are threefold. [Update: Agile IT is now able to enable calling and audio conferencing in GCC High]
First is the federal approval process. Each feature must be rigorously tested in the DoD and GCC High clouds to assure compliance and security.
Secondly, for many of the applications, a dedicated staff that has passed Department of Defense IT-2 adjudication based on an Office of Personnel Management investigation is required for development and support.
Finally, some of Microsoft 365 applications will fail to meet compliance requirements by their very nature. Ironically, this happens most frequently with security and governance tools, since they require standing access to data in order to be effective. In some cases, when the tools are critical, such as Azure Sentinel, Cloud App Security and Microsoft Defender the tools are almost completely rebuilt to meet these criteria.
I hope this information will be helpful!
Matt Henry