Few years ago, Microsoft launched the Government Security Program (GSP) – A program designed by Microsoft to help governments evaluate and protect existing systems, and create, deploy, and maintain more secure infrastructure, the GSP fosters partnership and trust. It is open to government agencies regardless of a commercial contract with Microsoft, and is an important part of what we consider to be our duty as global citizens.
The GSP helps governments respond more effectively and efficiently to computer security incidents and emergencies. In addition, the GSP helps decrease the risk of attack by sharing information from Microsoft security intelligence data, which exposes malicious software and similar cyberthreats. Information shared may include known vulnerabilities that Microsoft is investigating; upcoming and released patches and security updates; and incident information. Microsoft also shares information on product security, the company’s approach to security, and its incident response process.
Microsoft has signed its newest Government Security Program (GSP) agreement with the NATO Communications and Information (NCI) Agency to strengthen relationships and address new cybersecurity threats; and also include new Microsoft services such as vulnerability and threat intelligence.
Microsoft’s Joe Macri and the NATO Communications and Information (NCI) Agency’s Koen Gijsbers commemorate the signing of the newest GSP agreement.
The GSP provides national governments with access to important Microsoft product and security resources, including:
- Source code for important Microsoft products, which helps governments evaluate existing systems, assure the integrity of the supply chain, and design, deploy, and maintain secure computing infrastructures.
- Microsoft Transparency Centers, where governments will be able to inspect the source code from enterprise products available through the program.
- Vulnerability and threat intelligence from Microsoft to help governments respond more effectively and efficiently to computer security incidents.
- Technical information about Microsoft products and services to help governments design, develop, and implement more secure computing systems.
- Information about the core cloud services that demonstrates compliance with cloud controls, including Service Organization Control (SOC) Type II and ISO 27001 Statement of Applicability reports.
GSP participants use the program’s capabilities to meet information assurance needs. For example, participants can gain deeper understanding of Microsoft products and services for evaluation and certification. The program can also help participants with compatibility and deployment planning, particularly for Windows 10 or cloud migration scenarios. Additionally, many GSP participants are interested in the cybersecurity threat and vulnerability services that Microsoft provides through the GSP, which help protect their citizens, economies and infrastructure.
Microsoft currently has GSP agreements with over 40 agencies from more than 25 governments worldwide. In each of these cases, we have found that supporting an open dialogue and collaborative environment is the most effective way to increase transparency, reliability and integrity in our collective desire for improving cybersecurity.