Cybersecurity Maturity Model Certification (CMMC) 2.0 was released in November of 2021 as the next stage in the Department of Defense's (DoD) efforts to secure the Defense Industrial Base (DIB) and its supply chain. Many, if not most of the DIB and higher education institutions will be required to meet CMMC 2.0 Level 2 - depending on the types of data they handle. Some high-level requirements and updates for CMMC Level 2 include, but are not limited to:
Meeting NIST 800-171 controls (requirement)
Re-introduction of POAMS. Now POAMS must be fully resolved within 180 days of contract (update)
3rd Party Audits or Self attestation will be called out on a per-contract basis (update)
Securing the handling of CUI (requirement)
Summit 7 has served over 560 government contractors, manufacturers, and higher ed research facilities by helping them meet the requirements for DFARS 7012, NIST 800-171, and CMMC 1.0 Level 3 compliance.
Implementation of the CMMC 2.0 Level 2 Solution can include, but is not limited to:
Baselining your Microsoft 365 GCC or GCC High tenant
Configuring Microsoft Security products to meet NIST 800-171 requirements
Securing corporate devices with Microsoft Intune
Configuring Identity Management and MFA in Azure Active Directory
Implementing Microsoft Infomation Protection (MIP), Advanced Threat Protection (ATP), and Data Loss Prevention (DLP)
For more information on CMMC 2.0 updates, watch this video from Summit 7 Chief Security Evangelist, Jacob Horne. You can subscribe to the S7 YouTube channel to stay updated on all things CMMC 2.0.
