The Cybersecurity Maturity Model Certification (CMMC) was released in January of 2020 as the next stage in the Department of Defense's (DoD) efforts to secure the Defense Industrial Base (DIB) and its supply chain. Many, if not most of the DIB, will be required to meet Level 3. Some high-level requirements for meeting CMMC Level 3 include, but are not limited to:
NIST 800-171 compliance plus 20 additional practices and 52 maturity processes
Incident Response (IR) using an approved SIEM solution
A resilient backup and restoration solution
Securing the handling of CUI
Summit 7 has served government contractors by helping them meet the requirements for DFARS 7012 compliance. Implementation of the Level 3 Solution includes, but is not limited to:
Baselining your Office 365 GCC High tenant
Configuring Identity Management in the Azure Active Directory
Implementing Microsoft 365 GCC High Exchange Online, Advanced Threat Protection (ATP) and Data Loss Prevention (DLP)
Configuring AvePoint and Azure backup solutions to your on-premises, cloud, or hybrid environment
Implementing Azure Government Sentinel (SIEM)
Configuring OpenDNS filtering to your tenant
For more information on CMMC Level 3 requirements you can check out this page, or watch the video below by Scott Edwards.
