Handling Federal Contract Information (FCI) in Microsoft 365
CMMC 2.0 Level 1 (Cybersecurity Maturity Model Certification) is applicable to aerospace and defense contractors supporting the Department of Defense that handle or process Federal Contract Information (FCI).
Some high-level requirements and updates for CMMC Level 1 could include, but are not limited to:
17 practices aligned with FAR 52.204-21 - Basic Safeguarding of Covered Contractor Information Systems
Securing Federal Contracting Information (FCI)
This project includes the following:
Securing data on your workstations and mobile devices
Configuring of Microsoft 365 E3 licensing to the 12 technical security controls in CMMC Level 1
Data backup and retention for specific contract compliance (optional)
Initial assessment of your existing Microsoft 365 Commercial tenant (optional)
For more information on CMMC 2.0 updates, watch this video from Summit 7 Chief Security Evangelist, Jacob Horne. You can subscribe to the S7 YouTube channel to stay updated on all things CMMC 2.0.