Merge pull request #15952 from MicrosoftDocs/main

9/30/2024 PM Publish

Author: Taojunshen

azure-local/TOC.yml

@@ -1,2 +1,2 @@
 - name: Index
-  href: index.md
+  href: index.yml

azure-local/breadcrumb/AzureLocal/toc.yml

@@ -1,3 +1,3 @@
-- name: '<please enter product name here>'
-  tocHref: /
-  topicHref: /
+- name: Azure Local
+  tocHref: /azure-local
+  topicHref: /azure-local/index

azure-local/docfx.json

@@ -38,6 +38,7 @@
     "overwrite": [],
     "externalReference": [],
     "globalMetadata": {
+      "uhfHeaderId": "Azure",
       "breadcrumb_path": "~/breadcrumb/AzureLocal/toc.yml",
       "feedback_system": "Standard",
       "permissioned-type": "public"

azure-local/index.md

@@ -0,0 +1,24 @@
+### YamlMime:Landing
+
+title: Azure Local documentation
+summary: Azure Local is a hyperconverged clustering solution that uses validated hardware to run virtualized workloads on-premises, making it easy for customers to consolidate aging infrastructure and connect to Azure for cloud services.
+
+metadata:
+  title: Azure Local documentation
+  description: Azure Local is a hyperconverged clustering solution that uses validated hardware to run virtualized workloads on-premises.
+#  ms.service: service #Required; service per approved list. service slug assigned to your service by ACOM.
+  ms.topic: landing-page
+  author: ronmiab
+  ms.author: robess
+  ms.date: 09/30/2024
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
+
+landingContent:
+  # Card (optional)
+  - title: About Azure Local
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: What is Azure Local?
+            url: /azure/azure-stack/hci/overview

azure-local/index.yml

@@ -0,0 +1,46 @@
+---
+title: FedRAMP guidance for Azure Stack HCI
+description: Learn about FedRAMP compliance using Azure Stack HCI.
+ms.date: 9/23/2024
+ms.topic: conceptual
+ms.service: azure-stack
+ms.subservice: azure-stack-hci
+ms.author: nguyenhung
+author: dv00000
+ms.reviewer: alkohli
+---
+
+# Azure Stack HCI and FedRAMP
+
+This article explains the relationship between Azure Stack HCI and FedRAMP and how organizations can stay compliant with FedRAMP with Azure Stack HCI solutions.
+
+## What is FedRAMP?
+
+The US Federal Risk and Authorization Management Program (FedRAMP) provides a standard approach for assessing, monitoring, and authorizing cloud computing products and services. FedRAMP eases US federal agencies’ ability to adopt secure cloud solutions and facilitates Microsoft and other cloud services providers’ ability to offer services to federal agencies.
+
+For more information about FedRAMP, see [Azure & FedRAMP](/azure/compliance/offerings/offering-fedramp).
+
+## Azure Stack HCI and FedRAMP
+
+Azure Stack HCI is a hybrid infrastructure solution that hosts and operates workloads on the edge; and deploys, manages, and operates at scale with Azure cloud services. Therefore, from the lens of compliance obligations, we can segment Azure Stack HCI integrated systems into two categories: cloud services and on-premises systems.
+
+### On-premises solutions
+
+As FedRAMP is designed for cloud service offerings (CSOs), the hardware device and operating system of Azure Stack HCI is not applicable for FedRAMP. Customers are responsible for the authorization package that covers the physical devices. Other standards, such as  [Federal Information Processing Standard (FIPS) 140](/azure-stack/hci/assurance/azure-stack-security-standards#federal-information-processing-standard-fips-140) and [Common Criteria (CC)](/azure-stack/hci/assurance/azure-stack-security-standards#common-criteria-for-information-technology-security-evaluation-cc), are applicable to on-premises which may be useful for your accreditation processes.
+
+### Connected cloud services
+
+For cloud services that support Azure Stack HCI infrastructure and workloads on site, Azure has a rich portfolio of FedRAMP accreditation which you can utilize to support your compliance journey. Below are some commonly used cloud services for deploying, operating, and managing Azure Stack HCI which are in scope for the Azure FedRAMP High P-ATO.
+
+- Azure Arc-enabled Kubernetes
+- Azure Arc-enabled servers
+- Azure Backup
+- Azure Key Vault
+- Azure Monitor
+- Azure Policy
+- Azure Site Recovery
+- Azure Resource Manager
+- Azure Virtual Desktop
+- Microsoft Entra ID
+
+To learn more about other services in scope, refer to [Azure and other Microsoft cloud services compliance scope](/azure/azure-government/compliance/azure-services-in-fedramp-auditscope).

azure-stack/hci/assurance/azure-stack-fedramp-guidance.md

@@ -1,7 +1,7 @@
 ---
 title: Azure Stack HCI and security standards
 description: Learn about Azure Stack HCI, security standards, and security assurance.
-ms.date: 2/5/2024
+ms.date: 09/23/2024
 ms.topic: conceptual
 ms.service: azure-stack
 ms.subservice: azure-stack-hci
@@ -24,9 +24,9 @@ The following table lists the current status of Azure Stack FIPS 140 validations
 
 |Products |Evaluation status |Details |
 |---------|---------|---------|
-|Azure Stack HCIv2, version 22H2 (Azure Stack HCI, version 22H2. Evaluation also includes Azure Stack Hub and Azure Stack Edge.) |**In process** (listed on [NIST Modules in Process](https://csrc.nist.gov/Projects/cryptographic-module-validation-program/modules-in-process/Modules-In-Process-List)) |Includes the cryptographic modules BitLocker Dump Filter, Boot Manager, Code Integrity, Cryptographic Primitives Library, Kernel Mode Cryptographic Primitives Library, Secure Kernel Code Integrity, and Windows OS Loader. |
-|Azure Stack HCIv2, version 21H2 Azure Stack HCIv2, version 22H2 (Azure Stack HCI, version 22H2. Evaluation also includes Azure Stack Hub and Azure Stack Edge.) |**In process** (listed on [NIST Modules in Process](https://csrc.nist.gov/Projects/cryptographic-module-validation-program/modules-in-process/Modules-In-Process-List)) |Includes the cryptographic modules BitLocker Dump Filter, Boot Manager, Code Integrity, Cryptographic Primitives Library, Kernel Mode Cryptographic Primitives Library, Secure Kernel Code Integrity, and Windows OS Loader. |
-|Azure Data Box Edge, version 1809 (Azure Stack Edge) |**Complete** |See the linked CMVP cryptographic module certificates for evaluation dates and cryptographic module Security Policy documents: Cryptographic Primitives Library [#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197), Kernel Mode Cryptographic Primitives Library [#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196), Code Integrity [#3644](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3644), Windows OS Loader [#3615](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3615), Secure Kernel Code Integrity [#3651](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3651), BitLocker Dump Filter [#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092), and Boot Manager [#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089). |
+|Azure Stack HCI version 22H2 (Evaluation also includes Azure Stack Hub and Azure Stack Edge) |**In process** | listed on [NIST Modules in Process](https://csrc.nist.gov/Projects/cryptographic-module-validation-program/modules-in-process/Modules-In-Process-List)|
+|Azure Stack HCI version 21H2 (Evaluation also includes Azure Stack Hub and Azure Stack Edge) |**In process** |Kernel Mode Cryptographic Primitives Library [#4766](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4766)|
+|Azure Data Box Edge, version 1809 (Azure Stack Edge) |**Completed** |Cryptographic Primitives Library [#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197),Kernel Mode Cryptographic Primitives Library [#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196), Code Integrity [#3644](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3644), Windows OS Loader [#3615](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3615), Secure Kernel Code Integrity [#3651](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3651), BitLocker Dump Filter [#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092), and Boot Manager [#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089). |
 
 ## Common Criteria for Information Technology Security Evaluation (CC)
 
@@ -36,8 +36,8 @@ The following table lists the current status of Azure Stack Common Criteria cert
 
 |Products |Evaluation status |Details |
 |---------|---------|---------|
-|Azure Stack HCIv2, version 22H2 (Azure Stack HCI, version 22H2. Evaluation also includes Azure Stack Hub and Azure Stack Edge.) |**Completed** January 17, 2024 |Includes the Protection Profile for General Purpose Operating Systems, the PP-Module for VPN Client, the PP-Module for Wireless Local Area Network Client, and the PP-Module for Bluetooth. Certification documents: [Security Target](https://download.microsoft.com/download/2/6/c/26c2c205-db9f-474b-9ac7-bd8bf6ae463c/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Security%20Target%20(22H2).pdf), [Administrative Guide](https://download.microsoft.com/download/c/8/3/c83090c7-d299-4d26-a1c3-fb2bf2d77a7b/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Administrative%20Guide%20(22H2).pdf), [Assurance Activity Report](https://download.microsoft.com/download/1/7/f/17fac352-5c93-4e4b-9866-3c0df4080164/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Public%20Assurance%20Activity%20Report%20(22H2).pdf), and [Certification Report](https://download.microsoft.com/download/6/9/1/69101f35-1373-4262-8c5b-75e08bc2e365/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Validation%20Report%20(22H2).pdf) |
-|Azure Stack HCIv2, version 21H2 (Azure Stack HCI, version 22H2. Evaluation also includes Azure Stack Hub and Azure Stack Edge.) |**Completed** November 21, 2022 |Includes the General Purpose Operating Systems Protection Profile, the Extended Package for WLAN Clients, and the PP Module for VPN Clients. Certification documents: [Security Target](https://download.microsoft.com/download/c/5/9/c59832ff-414b-4f15-8273-d0c349a0b154/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Security%20Target%20(21H2%20et%20al).pdf), [Administrative Guide](https://download.microsoft.com/download/9/1/7/9178ce6a-8117-42e7-be0d-186fc4a89ca6/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Administrative%20Guide%20(21H2%20et%20al).pdf), [Assurance Activity Report](https://download.microsoft.com/download/4/1/6/416151fe-63e7-48c0-a485-1d87148c71fe/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Assurance%20Activity%20Report%20(21H2%20et%20al).pdf), and [Certification Report](https://download.microsoft.com/download/e/3/7/e374af1a-3c5d-42ee-8e19-df47d2c0e3d6/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Validation%20Report%20(21H2%20et%20al).pdf) |
+|Azure Stack HCI version 22H2 (Evaluation also includes Azure Stack Hub and Azure Stack Edge) |**Completed** January 17, 2024 |Includes the Protection Profile for General Purpose Operating Systems, the PP-Module for VPN Client, the PP-Module for Wireless Local Area Network Client, and the PP-Module for Bluetooth. Certification documents: [Security Target](https://download.microsoft.com/download/2/6/c/26c2c205-db9f-474b-9ac7-bd8bf6ae463c/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Security%20Target%20(22H2).pdf), [Administrative Guide](https://download.microsoft.com/download/c/8/3/c83090c7-d299-4d26-a1c3-fb2bf2d77a7b/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Administrative%20Guide%20(22H2).pdf), [Assurance Activity Report](https://download.microsoft.com/download/1/7/f/17fac352-5c93-4e4b-9866-3c0df4080164/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Public%20Assurance%20Activity%20Report%20(22H2).pdf), and [Certification Report](https://download.microsoft.com/download/6/9/1/69101f35-1373-4262-8c5b-75e08bc2e365/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Validation%20Report%20(22H2).pdf) |
+|Azure Stack HCI version 21H2 (Evaluation also includes Azure Stack Hub and Azure Stack Edge.) |**Completed** November 21, 2022 |Includes the General Purpose Operating Systems Protection Profile, the Extended Package for WLAN Clients, and the PP Module for VPN Clients. Certification documents: [Security Target](https://download.microsoft.com/download/c/5/9/c59832ff-414b-4f15-8273-d0c349a0b154/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Security%20Target%20(21H2%20et%20al).pdf), [Administrative Guide](https://download.microsoft.com/download/9/1/7/9178ce6a-8117-42e7-be0d-186fc4a89ca6/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Administrative%20Guide%20(21H2%20et%20al).pdf), [Assurance Activity Report](https://download.microsoft.com/download/4/1/6/416151fe-63e7-48c0-a485-1d87148c71fe/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Assurance%20Activity%20Report%20(21H2%20et%20al).pdf), and [Certification Report](https://download.microsoft.com/download/e/3/7/e374af1a-3c5d-42ee-8e19-df47d2c0e3d6/Microsoft%20Windows,%20Windows%20Server,%20Azure%20Stack%20Validation%20Report%20(21H2%20et%20al).pdf) |
 |Azure Stack |**Completed** January 12, 2022 | Includes the General Purpose Operating Systems Protection Profile, the Extended Package for WLAN Clients, and the PP Module for VPN Clients. Certification documents: [Security Target](https://download.microsoft.com/download/a/5/6/a5650848-e86a-4554-bb13-1ad6ff2d45d2/Windows%2010%202004%20GP%20OS%20Security%20Target.pdf), [Administrative Guide](https://download.microsoft.com/download/4/a/6/4a66a459-3c73-4c34-84bb-92cb20301206/Windows%2010%202004%20GP%20OS%20Administrative%20Guide.pdf), [Assurance Activity Report](https://download.microsoft.com/download/3/2/4/324562b6-0917-4708-8f9d-8d2d12859839/Windows%2010%202004%20GP%20OS%20Assurance%20Activity%20Report-Public%20.pdf), and [Certification Report](https://download.microsoft.com/download/1/c/b/1cb65e32-f87d-41dd-bc29-88dc943fad9d/Windows%2010%202004%20GP%20OS%20Validation%20Reports.pdf) |
 
 ## International Organization for Standardization (ISO/IEC) 27001:2022
@@ -66,3 +66,10 @@ Complying with HIPAA is essential but challenging work for healthcare solutions
 
 > [!div class="nextstepaction"]
 > [Azure Stack HCI and HIPAA](azure-stack-hipaa-guidance.md)
+
+## US Federal Risk and Authorization Management Program (FedRAMP)
+
+FedRAMP offers a standardized process for evaluating, overseeing, and approving cloud computing products and services. It simplifies the adoption of secure cloud solutions for US federal agencies and enables providers like Microsoft to offer their services to these agencies. While obtaining FedRAMP authorization is crucial, it poses a significant challenge for cloud service providers seeking to work with federal agencies. To address this, we offer guidance that clarifies the relevant services and other pertinent information to support your accreditation efforts.
+
+> [!div class="nextstepaction"]
+> [Azure Stack HCI and FedRAMP](azure-stack-fedramp-guidance.md)

azure-stack/hci/assurance/azure-stack-security-standards.md

@@ -873,6 +873,8 @@ items:
       href: assurance/azure-stack-pci-dss-guidance.md
     - name: HIPAA guidance
       href: assurance/azure-stack-hipaa-guidance.md
+    - name: FedRAMP guidance
+      href: assurance/azure-stack-fedramp-guidance.md
   - name: Azure Stack HCI product page
     href: https://azure.com/hci
   - name: Pricing