What’s Included with CMMC Compliance as a Service?
Setup & Configuration of Microsoft 365 Services
All Microsoft cloud services are configured according to CMMC 2.0 Level 2 requirement.
Endpoint Compliance Management
Your Windows workstations and mobile devices will be enrolled with Microsoft Endpoint Manager to enforce security policies, compliance policies & app management.
Pre-built Policies & Compliance Accelerator Portal
Compliance accelerator portal will allow you to efficiently perform your Gap Analysis and will automate SPRS score generation, POAM & SSP.
Ongoing Real-Time Monitoring, Reports & Compliance Support
All endpoints and cloud services will have ongoing real-time monitoring for compliance, threat & vulnerabilities. Reports will be also delivered on a regular schedule to keep you informed.
Managed Cloud Service Offerings for CMMC
Setup & Configuration of Microsoft 365 Services
Setup & configuration of Microsoft 365 baseline security compliance policies in your GCC High tenant that includes
-
-
- Azure Active Directory Identity Management and Secure Access Policies
- Configuring Microsoft Information Protection (MIP) in your tenant
- Data Loss Prevention (DLP), Conditional Access & Compliance policies
- App Protection & Attack Surface Reduction (ASR) policies
- “Customer-Key” encryption, to ensure only your organization holds the encryption keys
- SIEM (Azure Sentinel) system setup to log all events within last 90 days and analysis of events for incident monitoring
-
Endpoint Compliance Management
Onboarding of devices, such as workstations & mobile devices, to Microsoft Endpoint Manager for Mobile Device Management (MDM) & Mobile Application Management (MAM).
All endpoints and cloud services will have ongoing real-time monitoring for compliance, threat & vulnerabilities. Compliance policies for endpoint include, but are not limited to, MFA, OS updates, anti-virus, disk encryption & data loss prevention policies.
Once a device falls out of compliance, a ticket will automatically be logged with our help desk to assist you and your users to bring the device back into a compliant state. After a period of non-compliance, the device will be locked out.
Pre-built Policies & Compliance Accelerator Portal
- Efficiently perform your NIST SP 800-171 & CMMC 2.0 L2 self-assessment through a guided assessment by answering questions and providing the artifacts necessary
- Assign assessment items to your colleagues
- Automated SPRS score generation
- Automated gap identification
- Automated gap remediation task creation
- Assist with POA&M generation
- Assist with System Security Plan (SSP) generation
- Includes over a dozen pre-built documentation templates to help meet CMMC maturity and NIST SP 800-171 requirements
Ongoing Real-Time Monitoring, Reports & Compliance Support
- Security threat reporting and remediation for any incidents identified in the Microsoft cloud or enrolled endpoints
- Compliance monitoring & automated alert tracking
- Scheduled tasks required by policy, including regular security scans & threat attack simulations
- Ongoing compliance guidance
- Annual Gap Analysis review & assessment
GCC High Road Map June 2022
GCC High Road Map June 2022 ( Customers Only ) GCC High Roadmap - June 2022 - AOSG Partners
How do I get validated for GCC by Microsoft?
How do I get validated for GCC by Microsoft? Fill out the online application here: Office 365 validation for government workers (microsoft.com) be sure to use the Nimbus Logic Partner Tenant ID: 97717e74-5788-4800-9f46-cf492176cacf in the box indicated. see figure A...
Microsoft Product Placemat for CMMC
Microsoft Product Placemat for CMMC is an interactive view representing how we believe Microsoft cloud products and services satisfy requirements for CMMC practices. The user interface resembles a periodic table of CMMC Practice Families. The default view...
ITAR Compliance in Microsoft 365 Government
Overview The International Traffic in Arms Regulation (ITAR) was put in place by the Government to ensure materials being sent outside the United States are secure.The International Traffic in Arms Regulation (ITAR) is an export control for the United States Munitions...
Latest Microsoft GCC Posts
Need a Consultation?
Need more information or a consultation with our expert Staff? We’d be glad to help! Click the button below to request a consultation with CMMC Compliance or Microsoft GCC/GCC High Licensing options.