CMMC Compliance as a Service

Nimbus Logic has engineered a secure cloud-based service, based on the Microsoft stack of technologies, to satisfy all of the controls required by CMMC to fast-track your compliance requirements.

What’s Included with CMMC Compliance as a Service?

Setup & Configuration of Microsoft 365 Services

All Microsoft cloud services are configured according to CMMC 2.0 Level 2 requirements.

Endpoint Compliance Management

Your Windows workstations and mobile devices will be enrolled with Microsoft Endpoint Manager to enforce security policies, compliance policies & app management.

Pre-built Policies & Compliance Accelerator Portal

The Compliance Accelerator Portal will allow you to efficiently perform your Gap Analysis and will automate SPRS score generation, POA&M & SSP.

Ongoing Real-Time Monitoring, Reports & Compliance Support

All endpoints and cloud services will have ongoing real-time monitoring for compliance, threats & vulnerabilities. Reports will also be delivered on a regular schedule to keep you informed.

Managed Cloud Service Offerings for CMMC

  • Setup of all Microsoft 365 services in accordance with CMMC 2.0 L2 requirements
  • Endpoint Management, Security & Protection
  • Compliance Accelerator Documentation Portal
  • Cloud Infrastructure Guidance
  • Exchange Online Support
  • OneDrive & SharePoint Setup & Support
  • Security Threat Detection & Remediation
  • Reports & Alerts

Setup & Configuration of Microsoft 365 Services

Setup & configuration of Microsoft 365 baseline security compliance policies in your GCC High tenant, including:

      • Azure Active Directory Identity Management and Secure Access Policies
      • Configuring Microsoft Information Protection (MIP) in your tenant
      • Data Loss Prevention (DLP), Conditional Access & Compliance policies
      • App Protection & Attack Surface Reduction (ASR) policies
      • “Customer-Key” encryption, to ensure only your organization holds the encryption keys
      • SIEM (Azure Sentinel) system setup to log all events within the last 90 days, and analysis of events for incident monitoring

Endpoint Compliance Management

Onboarding of devices, such as workstations & mobile devices, to Microsoft Endpoint Manager for Mobile Device Management (MDM) & Mobile Application Management (MAM).

All endpoints and cloud services will have ongoing real-time monitoring for compliance, threats & vulnerabilities. Compliance policies for endpoints include, but are not limited to, MFA, OS updates, anti-virus, disk encryption & data loss prevention policies.

Once a device falls out of compliance, a ticket will automatically be logged with our help desk to help you and your users bring the device back into a compliant state. After a period of non-compliance, the device will be locked out.

Pre-built Policies & Compliance Accelerator Portal

  • Efficiently perform your NIST SP 800-171 & CMMC 2.0 L2 self-assessment through a guided assessment by answering questions and providing the artifacts necessary
  • Assign assessment items to your colleagues
  • Automated SPRS score generation
  • Automated gap identification
  • Automated gap remediation task creation
  • Assist with POA&M generation
  • Assist with System Security Plan (SSP) generation
  • Includes over a dozen pre-built documentation templates to help meet CMMC maturity and NIST SP 800-171 requirements

Ongoing Real-Time Monitoring, Reports & Compliance Support

  • Security threat reporting and remediation for any incidents identified in the Microsoft cloud or enrolled endpoints
  • Compliance monitoring & automated alert tracking
  • Scheduled tasks required by policy, including regular security scans & threat attack simulations
  • Ongoing compliance guidance
  • Annual Gap Analysis review & assessment

How do I get validated for GCC by Microsoft?

Fill out the online application here: Office 365 validation for government workers (microsoft.com). Be sure to use the Nimbus Logic Partner Tenant ID: 97717e74-5788-4800-9f46-cf492176cacf in the box indicated. See figure A...

Microsoft Product Placemat for CMMC

Microsoft Product Placemat for CMMC is an interactive view representing how we believe Microsoft cloud products and services satisfy requirements for CMMC practices. The user interface resembles a periodic table of CMMC Practice Families. The default view...

ITAR Compliance in Microsoft 365 Government

Overview: The International Traffic in Arms Regulation (ITAR) was put in place by the Government to ensure materials being sent outside the United States are secure. The International Traffic in Arms Regulation (ITAR) is an export control for the United States Munitions...

Need a Consultation?

Need more information or a consultation with our expert staff? We’d be glad to help! Click the button below to request a consultation on CMMC Compliance or Microsoft GCC/GCC High Licensing options.