Built On Microsoft 365 GCC High and Azure Government
CMMC 2.0 Level 2 is applicable to organizations supporting the Department of Defense that handle or process the following types of data:
Many, if not most, of the DIB and higher education institutions will be required to meet CMMC 2.0 Level 2.
Some high-level requirements and updates for CMMC Level 2 include, but are not limited to:
Meeting NIST 800-171 controls (requirement)
POA&Ms will be strictly enforced within 180 days
3rd Party Audits for all OSCs for CMMC L2
Securing the handling of CUI (requirement)
Implementation of the CMMC 2.0 Level 2 Solution can include, but is not limited to:
Baselining your Microsoft 365 GCC or GCC High tenant
Configuring Microsoft Security products to meet NIST 800-171 requirements
Securing corporate devices with Microsoft Intune
Configuring Identity Management and MFA in Azure Active Directory
Implementing Microsoft Purview Information Protection (MPIP)
Microsoft Defender for data protection
Should my business spend money before CMMC 2.0 rules are established?
For more information on CMMC 2.0 updates, watch this video from Summit 7 Chief Security Evangelist, Jacob Horne. You can subscribe to the S7 YouTube channel to stay updated on all things CMMC 2.0.