You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-government/documentation-government-overview-nerc.md
+4-22Lines changed: 4 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,7 +21,7 @@ Both Azure and Azure Government are suitable for registered entities deploying c
21
21
22
22
## NERC overview
23
23
24
-
The [North American Electric Reliability Corporation (NERC)](https://www.nerc.com/AboutNERC/Pages/default.aspx) is a not-for-profit regulatory authority whose mission is to ensure the reliability of the North American bulk power system. NERC is subject to oversight by the US Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. In 2006, FERC granted the Electric Reliability Organization (ERO) designation to NERC in accordance with the Energy Policy Act of 2005, as stated in the US Public Law 109-58. NERC has jurisdiction over users, owners, and operators of the bulk power system that serves nearly 400 million people in North America. For more information about NERC ERO Enterprise and NERC regional entities, see [NREC key players](https://www.nerc.com/AboutNERC/keyplayers/Pages/default.aspx).
24
+
The [North American Electric Reliability Corporation (NERC)](https://www.nerc.com/AboutNERC/Pages/default.aspx) is a not-for-profit regulatory authority whose mission is to ensure the reliability of the North American bulk power system. NERC is subject to oversight by the US Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. In 2006, FERC granted the Electric Reliability Organization (ERO) designation to NERC in accordance with the Energy Policy Act of 2005, as stated in the US Public Law 109-58. NERC has jurisdiction over users, owners, and operators of the bulk power system that serves nearly 400 million people in North America. For more information about NERC ERO Enterprise and NERC regional entities, see [NERC key players](https://www.nerc.com/AboutNERC/keyplayers/Pages/default.aspx).
25
25
26
26
NERC develops and enforces reliability standards known as NERC [CIP standards](https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx). In the United States, FERC approved the first set of CIP standards in 2007 and has continued to do so with every new revision. In Canada, the Federal, Provincial, and Territorial Monitoring and Enforcement Subgroup (MESG) develops provincial summaries for making CIP standards enforceable in Canadian jurisdictions.
27
27
@@ -40,32 +40,14 @@ Both Azure and Azure Government have the same strong security controls in place
40
40
41
41
[Azure Government](./documentation-government-welcome.md) is a US government community cloud that is physically separated from the Azure cloud. It provides extra assurances regarding US government specific background screening requirements. For example, Azure Government mandates US persons verification for operations personnel with potential access to customer data. Azure Government can also support customers subject to certain [export controls laws and regulations](./documentation-government-overview-itar.md). **Both Azure and Azure Government are suitable for registered entities deploying certain workloads subject to compliance with NERC CIP standards.**
42
42
43
-
Azure and Azure Government have the broadest [compliance coverage](../compliance/index.yml) in the industry, including key independent certifications and attestations such as:
43
+
Azure and Azure Government have the broadest [compliance coverage](../compliance/index.yml) in the industry, including key independent certifications and attestations. Azure Government adds extra [compliance coverage](./documentation-government-plan-compliance.md) that is specific to US government requirements.
44
44
45
-
- ISO 27001
46
-
- ISO 27017
47
-
- ISO 27018
48
-
- ISO 22301
49
-
- ISO 27701
50
-
- ISO 9001
51
-
- ISO 20000-1
52
-
- SOC 1/2/3
53
-
- PCI DSS
54
-
- PCI 3DS
55
-
- HITRUST
56
-
- CSA STAR Certification
57
-
- CSA STAR Attestation
58
-
- FedRAMP High
59
-
- And many others
60
-
61
-
Azure Government adds extra [compliance coverage](./documentation-government-plan-compliance.md) that is specific to US government requirements.
62
-
63
-
Nuclear electric utility customers may also be subject to the Department of Energy (DoE) / National Nuclear Security Administration (NNSA) 10 CFR Part 810 export control requirements. Among other things, DoE 10 CFR Part 810 controls the export of unclassified nuclear technology and assistance. Paragraph 810.7 (b) states that specific DoE authorization is required for providing or transferring sensitive nuclear technology to any foreign entity.
45
+
Nuclear electric utility customers may also be subject to the Department of Energy (DoE) / National Nuclear Security Administration (NNSA) 10 CFR Part 810 export control requirements. Among other things, **DoE 10 CFR Part 810** controls the export of unclassified nuclear technology and assistance. Paragraph 810.7 (b) states that specific DoE authorization is required for providing or transferring sensitive nuclear technology to any foreign entity.
64
46
65
47
- Export is the transfer of protected technology or information to a foreign destination or foreign person irrespective of the destination.
66
48
- Deemed export represents the transmission of protected technology and information to a foreign person inside the United States.
67
49
68
-
Azure Government is designed to meet specific controls that restrict access to information and systems to US persons. This commitment isn't applied in Azure. Therefore, customers deploying on Azure should conduct proper risk assessment to determine if extra technical measures should be deployed to secure data that shouldn't be disclosed to foreign persons. For more information, see Azure [10 CFR Part 810 compliance offering](/azure/compliance/offerings/offering-doe-10-cfr-part-810).
50
+
Azure Government is designed to meet specific controls that restrict access to information and systems to US persons. This commitment isn't applied in Azure. Therefore, customers deploying on Azure should conduct proper risk assessment to determine if extra technical measures should be deployed to secure data that shouldn't be disclosed to foreign persons. For more information, see Azure [DoE 10 CFR Part 810 compliance offering](/azure/compliance/offerings/offering-doe-10-cfr-part-810).
69
51
70
52
**Nuclear utility customers are wholly responsible for ensuring their own compliance with all applicable laws and regulations. The forgoing isn't legal advice, and you should consult your legal advisors for any questions regarding regulatory compliance.**
0 commit comments