GCC High - Encryption and Telephony

What is GCC High (GCCH)? 

To meet the unique and evolving requirements of the United States Department of Defense, as well as contractors holding or processing DoD controlled unclassified information (CUI) or subject to International Traffic in Arms Regulations (ITAR), Microsoft offers GCC (Government Community Cloud) High and DoD environments. Available through Volume Licensing, interested organizations go through a validation process to ensure eligibility before an environment is established. 

Office 365 GCC High and DoD meet the compliance requirements for the following certifications and accreditations: 

• Office 365 GCC High and DoD: Is assessed using the National Institute of Standards and Technology (NIST) Special Publication 800-800-53 controls at a FIPS 199 High Categorization. 

• Office 365 DoD: The security controls and control enhancements for United States Department of Defense Cloud Computing Security Requirements Guide (SRG) for information up to Impact Level 5 (L5). 

Per the DoD requirements, only Department of Defense entities may purchase licenses for the Office 365 DoD environment that is certified as DoD SRG L5. Non-Department of Defense entities who meet the appropriate eligibility requirements may purchase licenses for the Office 365 GCC High environment which is assessed using NIST SP 800-53 controls at a FIPS 199 High Categorization and can demonstrate equivalency to IL4 or necessary inheritance for CMMC. 

CallTower’s Role with GCC High Customers 

Primarily, the security and confidentiality of customer information are paramount. Microsoft organizations within the GCCH deal with sensitive data, and having clearance ensures that only authorized personnel can access and handle this information. Additionally, legal and compliance requirements, specific vendor agreements, and adherence to industry standards play a pivotal role in restricting access. Unauthorized entry or handling of data could result in legal consequences for our organization. Technicians must be aware that our organization currently lacks the necessary clearance to access these entities, outside of exceptional circumstances. 

CallTower Support is not to provide professional services to GCCH customers or access the GCCH tenant for ANY REASON unless approved by management or Microsoft Engineering. Technicians should refer the customer to their authorized Cloud Service Partners (CSPs) for tenant-level troubleshooting, user management within Microsoft 365, or other organization-specific requests. 

GCCH Voice Service Encryption 

Microsoft Teams ensures the security of voice traffic through a combination of robust encryption measures. Transport Layer Security (TLS) is employed to encrypt communication channels, safeguarding data transmission between clients and Microsoft servers. Advanced Encryption Standard (AES) is used for media encryption, providing a secure layer for the actual audio data during transmission. The implementation of the Secure Real-time Transport Protocol (SRTP) further enhances real-time voice traffic security by incorporating features like encryption, authentication, and integrity checks.  

Authentication and authorization mechanisms are in place to verify user and device identities, ensuring that only authorized users can access voice communication features within Teams. Additionally, in peer-to-peer calls, Microsoft Teams employs end-to-end encryption, enhancing security by encrypting voice traffic on the sender's device and decrypting it on the recipient's device.  

Regular updates and a commitment to security best practices contribute to a comprehensive approach to protecting voice communications within Microsoft Teams. Users are encouraged to stay current with the latest application versions to benefit from ongoing security enhancements. 

While modern communication technologies, such as VoIP (Voice over IP) and SIP (Session Initiation Protocol), offer opportunities for encryption, the transition faces obstacles in upgrading global PSTN (Public Switched Telephone Network) infrastructure and addressing concerns related to real-time voice communication performance and bandwidth overhead. As a result, PSTN calls will not be E2EE (end-to-end encryption) encrypted or cannot be guaranteed to be encrypted to the same degree as internal Teams VoIP communications. GCCH customers should be cautious about sending privileged or confidential information over PSTN calls or interacting with unauthorized personnel over the phone.