Built On Microsoft 365 GCC High and Azure Government
CMMC 2.0 (Cybersecurity Maturity Model Certification) is applicable to organizations supporting the Department of Defense that handle or process the following types of data:
A smaller group of aerospace and defense contractors handling critical data (CUI, CTI, ITAR) will be assessed against CMMC 2.0 Level 3.
While the final requirements are still being defined, some high-level requirements and updates for CMMC Level 3 could include, but are not limited to:
Meeting NIST 800-172 controls (requirement)
Those with previous DIBCAC assessments likely to be chosen
3rd Party Audits for all OSCs for CMMC L3
Securing the handling of secret or top-secret information
NOTE: Summit 7 will solidify a solution for CMMC 2.0 Level 3 soon after the requirements are set by the DoD.
Although the requirements have yet to be defined, Summit 7 has begun working towards a CMMC L3 solution. Initial stages of this implementation can include:
Addressing your CMMC 2.0 Level 2 baseline (if applicable)
Baselining your Microsoft 365 GCC or GCC High tenant
Configuring Microsoft Security products to meet NIST 800-172 requirements
Configuring Identity Management and MFA in Azure Active Directory
Implementing Microsoft Purview Information Protection (MPIP)
Microsoft Defender for data protection
Likely CMMC 2.0 Level 3 Assessment Requirements
For more information on CMMC 2.0 updates, watch this video from Summit 7 Chief Security Evangelist, Jacob Horne. You can subscribe to the S7 YouTube channel to stay updated on all things CMMC 2.0.