R3 GovCloud Workplace Offering

Microsoft 365 Aligned for Compliance and Productivity

The R3 GovCloud Workplace is our standard, cloud-based offering. Your workplace can have one or all of your R3 GovCon business solutions.

The Workplace cloud runs in an AWS GovCloud US West environment. It is a secure cloud supporting GovCon compliance and operating standards.

As of June 2025, it is a solely Microsoft 365 aligned offering. It is designed to be part of a Vertical Hybrid cloud operating model where:

the R3 GovCloud Workplace cloud natively integrates with customers' Microsoft Entra and Microsoft 365 tenant

This model is purposely architected for GovCon customers. It ensures that they are fully compliant for CMMC, DFARs, FedRAMP, NIST while maximizing the productivity and flexibility of R3 solutions including our AI capabilities.

Your users will access their R3 solutions through single-sign on via their Microsoft Entra sign on. No separate logon. And, your users will be able to work with all documents using native Office 365 capabilities such as live co-authoring in Word, Excel and PowerPoint, Auto-Save, Version History and document control via Microsoft Preview and DLP.

Each customer's R3 Workplace has its own separate web application and database for all R3 solutions. It holds their data and configuration, while their documents are automatically stored in their Microsoft 365 environment.

For security and compliance details, see our Hybrid Architecture including a full, online Hybrid Architecture Guide for IT and Security.

R3 GovCloud Workplace

Questions

Where deployed	AWS GovCloud US-West
Operating Model	Vertical Hybrid - R3 GovCloud Workplace (cloud) integrated with customers' Microsoft Entra and Microsoft 365 tenant
Authentication (SSO only)	Required single sign-on (SSO) with customers' Microsoft Entra ID
Infrastructure	Dedicated Web Application; Shared Database Server
Customer Data	Separate, dedicated customer databases including application configuration
Customer Application	Separate, supports custom changes
Data Storage	Base active amount 100GB; expandable
Backups	Full back-up monthly; Differential backup daily; intra-day transaction log hourly
Disaster Recovery	Remote backups to multiple availability zones; restore to new availability zone
Document Storage	All documents stored in customers' Microsoft 365 tenant (Commercial, GCC, GCC High)
Document Routing	ZeroDrift design ensures no documents can be stored in R3 cloud. All documents are routed into customer M365 tenant.
Office 365 User Experience	Native Office 365 user experience including Live Co-authoring Work, Excel, PowerPoint, Auto-Save, Version History
Office 365 Document Control	Continuous control of document usage based upon Microsoft Purview and DLP policies and controls
R3 AI Services	Available to all R3 GovCloud Workplace customers
Customer AI Data	AI data stored only in R3 customer tenant
AI ZeroDrift	Does not allow AI to process documents labeled CUI
Operating controls	Operates based upon CMMC L2 110 controls with AWS based 800-53 technical controls
CMMC L2 Scope	R3 is out of scope for CMMC L2; it does not store CUI. It is in scope for CMMC L1 for FCI
DFARS 252.204-7012 (c-g)	Fully supporting when customer uses GCC High in R3 Hybrid model
ITAR: US Barrier	AWS Certified US Datacenter and only US Persons; R3 Certified US Persons
DoD SRG Level Certification for FedRamp	AWS Certified for FedRamp High at DoD SRG Levels 4 and 5; GCC High for Levels 4 and 5
NIST: FIPS 140-2, data at rest	FIPS 140-2 data encryption at rest, production and backups
NIST: Encryption, data in transit	SSL, TLS and/or by routing traffic to specific FIPS 140-2 compliant AWS endpoints

Do I need to have Microsoft 365 to use R3 solutions?	Yes, if you are using the R3 GovCloud Workplace offering. You can also run R3 solutions in a private cloud or on premise.
Is R3 GovCloud Workplace FedRamp?	Our cloud is not FedRamp authorized or moderate equivalent. We do not expand your CUI boundary scope. For DFARS 7012/CMMC L2 you will need to have Microsoft GCC High in our Hybrid model to be fully compliant.
Do I need FedRamp for R3?	No. FedRamp is required for DFARS 7012. Your GCC High environment serves this purpose for FedRamp High for CUI. Microsoft is best qualified to meet the needs of DFARS 7012 in the GCC High environment. R3 is out of scope for FedRamp.
Do I store any documents in R3?	No. Based upon R3's ZeroDrift implementation all documents uploaded by your users or created by R3 are stored in your M365 tenant.
Do users work with documents in a native Office 365 experience?	Yes. All documents are stored in your M365 tenant. Links are in R3. When a user opens a document in R3 they are actually opening it from M365. Thus, they have a native Office 365 experience with features such as live co-authoring, auto-save, version history and document controls supported by Microsoft Purview and DLP.
Does R3 GovCloud Workplace in Hybrid enable our CMMC L2 certification?	Yes. R3 is out of scope for CUI in your CMMC L2 audit. This reduces your CUI boundary, audit scope, audit costs and is designed to support DIDCAC and CMMC auditor best practices.
Do I have to have a separate login to R3?	No. We use SSO. Your users use their Microsoft Entra (M365 login) to access R3.
What operational standards do you use for the R3 cloud?	We operate based upon the 110 CMMC L2 controls. We also operate based upon AWS GovCloud US West benchmarks including the NIST 800-53 technical benchmark. In addition, we operate based upon cloud best practices such as support for backups and disaster recovery.
Does R3's cloud operate with only US personnel?	Yes. R3 only employs US residents. AWS GovCloud US West is also certified for US sovereignty. This supports ITAR, EAR and other US sovereignty requirements.
Can I run other business applications in the Hybrid model?	Yes. The Vertical Hybrid model used by R3 is a general model that is Microsoft 365 aligned. R3 GovCloud Workplace runs in the Execution Plane. Any other third-party business applications can operate in your "execution plane" as long as they store all of their documents in your M365 Document Control Plane.
How can I learn technical details about the Hybrid Architecture?	See the R3 Hybrid Architecture Guide. It is an online guide for IT, Technical, Security professionals.
How does the Vertical Hybrid model used by R3 differ from horizontal hybrid?	Historically, organizations have used a horizontal hybrid model in order to store CUI in an enclave environment that is separate from their "standard environment". A typical example is using M365 Commercial, side-by-side, with a CUI enclave in GCC High. This requires separate authentication. In the Vertical Hybrid, your business applications operate in the Execution Plane with links to all documents stored in your M365 Document Control Plane. It is vertical separation using a single Microsoft Entra ID.
Can I leverage R3 AI services for my business applications?	Yes. You have access to the full scope of R3 AI services because they run in the "Execution Plane" outside of your M365 environment and are therefore not constrained for compliance reasons.

R3 GovCloud Workplace Offering

Breakdown of R3 GovCloud Workplace