This is a brief overview of a great article, which we highly recommend you read in its entirety here: Mitigating Challenges Associated with CMMC Compliance | CSO Online
What is CMMC?
CMMC is an assessment and validation framework developed by the U.S. Department of Defense (DoD). This framework requires validation of the cybersecurity practices of Defense Industrial Base (DIB) contractors when they handle certain types of highly sensitive data.
CMMC represents an evolution of DoD efforts to properly safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) processed by the DIB. It introduces stronger accountability for the prime contractors to ensure that appropriate security requirements are met across their supply chain.
What’s Included in CMMC 2.0?
At a high level, the changes in CMMC 2.0 include the following:
- Three levels of security as opposed to CMMC 1.0’s five levels
- The new Level 1 security removed independent validation requirements, allowing DIB vendors to perform annual self-assessments
- The new Level 2 security (previously Level 3 in CMMC 1.0) includes only the 110 practices from NIST SP 800-171 Rev. 2
- The new Level 3 security (previously Level 5 in CMMC 1.0) includes additional practices from NIST SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information
- The former CMMC 1.0 Levels 2 and 4 have been removed altogether
Nexigen is a Gold Microsoft partner, and we have driven new technology introduced across many Microsoft platforms which require the highest level of cyber security. Microsoft has become a leader in cyber security, and we highly recommend its platforms when dealing with our clients under CMMC compliance requirements.
How Microsoft Helps Organizations Prepare for CMMC Compliance
Microsoft has been doing business and partnering with the DoD for four decades, investing in cloud offerings supporting government customers and the supply chain. Whether you are a prime contractor working directly with the DoD, or a smaller sub-contractor, Microsoft 365 US Government plans can provide you with the Modern Work and security solutions you need, but in a segmented and isolated government community cloud (GCC) or even in a network sovereign to the U.S. (GCC High). Additionally, both Azure and Azure Government have FedRAMP High authorizations in place that address security controls related to the safeguarding of FCI and CUI. Microsoft has developed this to help organizations better understand compliance between Commercial, Government, and DoD offerings.
Microsoft is also actively building the CMMC Acceleration program to provide solutions and resources for both partners and DIB to leverage in their CMMC journey. The goal is to enable our customers and partners to close the gap for compliance of infrastructure, applications, and services hosted in Microsoft Azure, Microsoft 365, and Microsoft Dynamics 365. This collection of resources and tools can be leveraged to improve an organization’s security posture and get ready to be assessed.
Some of the key features of Microsoft’s CMMC Acceleration program include: