bduszkie1980
Copper Contributor
Aug 25, 2020

CMMC secure score recommendations

I know that Azure has secure score recommendations for other common compliance standards, i.e. HIPAA. Will Microsoft be creating ones that can apply for CMMC compliance?

1 Reply

  • bduszkie1980 - you're right!  
    Here's a couple of great resources:

    https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-nist-sp-800-171?view=o365-worldwide

    Scroll down a bit - there's a preconfigured template for 800-171.
    https://servicetrust.microsoft.com/ComplianceManager/V3/ControlsInfo/Template

    Also take a look at the Azure blueprint: https://docs.microsoft.com/en-us/azure/governance/blueprints/samples/nist-sp-800-171-r2

    Though it's not explicitly CMMC (levels 1, 2, 3, 4, 5), this gets you to a point where you can understand how you're complying with 800-171 - which is the foundation for CMMC.

    Lastly, here's a great article by Summit 7 to get you started on architecture.
    https://info.summit7systems.com/blog/nist-3.3-audit-and-accountability-with-office-365

    I hope that helps!
