Driving Compliance with the Microsoft Sentinel CMMC 2.0 Solution

Since its first release in 2020, the Microsoft Sentinel Cybersecurity Maturity Model Certification workbook has remained one of the most consumed Sentinel content packages in Azure Government.  

As more organizations work toward compliance against the Cybersecurity Maturity Model Certification (CMMC), this offering was built to help customers, especially in the US government space, meet and adhere to CMMC requirements.  

This offering has reached a user community of thousands of security professionals, who have given us invaluable feedback on how to improve the content. Incorporating these insights, we are excited to announce the next evolution of this content in the Microsoft Sentinel: Cybersecurity Maturity Model Certification 2.0 Solution. This solution features a redesigned user interface, new control card layouts, dozens of new visualizations, better-together integrations with Microsoft Defender for Cloud and alerting rules to actively monitor/alert on compliance posture deviations across each CMMC 2.0 control family.  

The result is a powerful offering that empowers governance and compliance teams to design, build, monitor, and respond to CMMC 2.0 requirements across Microsoft, third party, hybrid, on-premises, and multi-cloud workloads.  

Watch the demo to learn more: 

The Cybersecurity Maturity Model Certification (CMMC) 2.0 model consists of processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and references, in addition to inputs from the Defense Industrial Base (DIB) and Department of Defense (DoD) stakeholders. The CMMC 2.0 model specifies three levels: Level 1 (Foundational) to Level 3 (Advanced).  

See the:light_bulb:CMMC Model for more information.  

The solution includes the new CMMC Workbook, (2) Analytics Rules, and (3) Playbooks. While only Microsoft Sentinel and Microsoft Defender for Cloud are required to get started, the solution is enhanced with numerous Microsoft offerings, including Microsoft 365 Defender,  Microsoft Information Protection, Azure Active Directory, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Defender for Office 365. 

Benefits 

• Build/design workloads within CMMC 2.0 requirements  
• Customizable reporting for subscription, workspace, time, control family, and level requirements  
• Fully customizable panels for 3rd party product integration 
• Deep links integration for seamless pivots between security products 
• Document Assessments via implementation, implementation dates, and notes 
• Redesigned Control Cards, Coverage across 16 Control Families, and Level 1-2 Requirements.  
• Direct alignment to the Microsoft Technical Reference Guide for CMMC 2.0  
• Query/Alert generation with (2) new analytics rules 
• Automated SOAR Playbook response for notification and ticketing 

Get Started Today 

• Microsoft Sentinel > Content Hub > Search “CMMC 2.0” > Install 
  • Review Workbooks (“Cybersecurity Maturity Model Certification (CMMC) 2.0”), Analytics (“CMMC 2.0 Level 1 (Foundational) Readiness Posture”, “CMMC 2.0 Level 2 (Advanced) Readiness Posture”), and Playbooks (“Notify-GovernanceComplianceTeam”, “CreateJIRAIssue”, “Open_DevOpsTask”) 
• See ReadMe for prerequisites, feature details, and GOV Cloud deployment guidance.  

Learn More about CMMC with Microsoft Security 

• Microsoft Cybersecurity Maturity Model Certification Portal 
• Microsoft CMMC Acceleration Program 
• Microsoft Federal - Cybersecurity Maturity Model Certification 
• How to prepare for CMMC compliance as a defense industrial base supplier using the Microsoft cloud