Merge pull request #100042 from jomolesk/azbpgov

GitHubber17 · web-flow · commit c9620263e653 · 2020-01-02T14:42:10.000-08:00
Update compliance page
diff --git a/articles/azure-government/documentation-government-plan-compliance.md b/articles/azure-government/documentation-government-plan-compliance.md
@@ -13,34 +13,22 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: azure-government
-ms.date: 08/15/2018
+ms.date: 01/20/2020
 ms.author: jomolesk
 
 ---
 # Azure Government compliance
 
-## Azure Security and Compliance Blueprint
+## Azure Blueprints
 
-Azure Security and Compliance Blueprints include guidance documents and automation templates to help customers deploy cloud-based architectures that offer solutions to scenarios that have accreditation or compliance requirements. Azure Security and Compliance Blueprints for government are designed to facilitate the secure and compliant use of Azure for government agencies and third-party providers building on behalf of government. Azure Government has received a FedRAMP Provisional Authority to Operate (P-ATO) and DoD Provisional Authorization (PA). These authorizations reduce the scope of customer-responsibility security controls in Azure-based systems. Inheriting security control implementations from Azure Government allows customers to focus on control implementations specific to their IaaS, PaaS, or SaaS environments built in Azure. Azure Security and Compliance Blueprint are available on the [Service Trust Portal](https://servicetrust.microsoft.com/ViewPage/BlueprintOverviewv3). 
-
-## Azure Security and Compliance Blueprint Customer Responsibility Matrix
-
-The Azure Security and Compliance Blueprint Customer Responsibility Matrix (CRM) is designed to aid Azure Government customers implementing and documenting system-specific security controls implemented within Azure. The CRM lists all [NIST SP 800-53](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf) security control requirements for FedRAMP and DISA baselines that include a customer implementation requirement. This includes controls with a shared responsibility between Azure and Azure customers and controls that must be fully implemented by Azure customers. Where appropriate, controls are delineated at a control sub-requirement granularity to provide specific guidance.
-
-The CRM is available as Microsoft Excel workbook for the FedRAMP Moderate and High baselines, the DISA Cloud Computing SRG L4 and L5 baselines, and the NIST Cybersecurity Framework (CSF). The CRM is available for download from the [Service Trust Portal](https://servicetrust.microsoft.com/ViewPage/BlueprintOverviewv3).
-
-## Azure Security and Compliance Blueprint System Security Plan template
-
-The Azure Security and Compliance Blueprint System Security Plan (SSP) template is designed for use in developing an SSP that documents both customer security control implementations and controls inherited from Azure. Controls which include a customer responsibility contain guidance on documenting control implementation with a thorough and compliant response. Azure inheritance sections document how security controls are implemented by Azure on behalf of the customer.
-
-The SSP is available for the FedRAMP Moderate and High baselines, and the DISA Cloud Computing SRG L4 and L5 baselines. The SSP is available for download from the [Service Trust Portal](https://servicetrust.microsoft.com/ViewPage/BlueprintOverviewv3).
+[Azure Blueprints](https://azure.microsoft.com/services/blueprints/) can help you automate the process of achieving compliance on Azure Government. FedRAMP and other [standards-based blueprint samples](https://docs.microsoft.com/azure/governance/blueprints/samples/) are available in Azure Blueprints.
 
 ## General Data Protection Regulation (GDPR) Data Subject Requests (DSRs) on Azure Government
 
 Azure tenant administrators can use the [User Privacy blade](https://portal.azure.us/#blade/Microsoft_Azure_Policy/UserPrivacyMenuBlade/Overview) in the Azure portal to export and/or delete personal data generated during a customer's use of Azure Government services. For more information about Data Subject Requests, see [Data Subject Requests for the GDPR](https://docs.microsoft.com/microsoft-365/compliance/gdpr-dsr-azure).
 
 ## Next steps
 
-Visit the [Azure Security and Compliance Blueprint page](https://servicetrust.microsoft.com/ViewPage/BlueprintOverviewv3) on the Service Trust Portal.
+Learn about [Azure Blueprints](https://azure.microsoft.com/services/blueprints/)
 
-[Microsoft Azure Government Blog](https://devblogs.microsoft.com/azuregov/)
+Visit the [Microsoft Azure Government Blog](https://devblogs.microsoft.com/azuregov/)
