The Cybersecurity Maturity Model Certification (CMMC) was released in January of 2020 as the next stage in the Department of Defense's (DoD) efforts to secure the Defense Industrial Base (DIB) and its supply chain, as well as higher education or university-based research labs conducting research on behalf of the DoD. Many, if not most of the DIB and higher education institutions, will be required to meet Level 3 depending on the types of data they handle. Some high-level requirements for meeting CMMC Level 3 include, but are not limited to:
NIST 800-171 compliance plus 20 additional practices and 52 maturity processes
Incident Response (IR) using an approved SIEM solution
A resilient backup and restoration solution
Securing the handling of CUI
Summit 7 has served over 500 government contractors, manufacturers, and higher ed research facilities by helping them meet the requirements for DFARS 7012 compliance. Implementation of the Level 3 Solution includes, but is not limited to:
Baselining your Microsoft 365 GCC High tenant
Configuring Identity Management in the Azure Active Directory
Implementing Microsoft 365 GCC High Exchange Online, Advanced Threat Protection (ATP) and Data Loss Prevention (DLP)
Configuring AvePoint and Azure backup solutions to your on-premises, cloud, or hybrid environment
Implementing Azure Government Sentinel (SIEM)
Configuring Microsoft Information Protection (MIP) in your tenant
For more information on CMMC Level 3 requirements, you can check out this page, or watch the video below by Scott Edwards.
