Event banner

Microsoft Government CMMC AMA

Event Ended
Tuesday, Apr 12, 2022, 10:30 AM PDT
In-Person

Event details

We want to hear from our customers and answer their questions around how we can help them achieve CMMC compliance with your Microsoft Azure and Microsoft 365 subscriptions. We will be hosting an "Ask...
Sarah_Gilbert
Updated Apr 12, 2022
AMA
Justin_Orcutt's avatar
Justin_Orcutt
Icon for Microsoft rankMicrosoft
Apr 12, 2022
Hi Joe - Great question. Many dib companies are evaluating how they can achieve CMMC compliance using what they already have in place. With that being said, implementing and maintaining the 110 controls of CMMC and meeting all of the 300+ assessment objectives on prem can be challenging. To help we have published the CMMC placemat to help you map individual services to requirements of CMMC: https://www.microsoft.com/en-us/download/details.aspx?id=102536. You might also find our blog on understanding compliance between offerings helpful: https://techcommunity.microsoft.com/t5/public-sector-blog/understanding-compliance-between-commercial-government-and-dod/ba-p/3258326
RichardWakeman's avatar
RichardWakeman
Icon for Microsoft rankMicrosoft
Apr 12, 2022
In terms of rich client software running on-premises, such as Office 2021, is considered COTS when it's not connected to the cloud. In other words, compliance is 100% customer scope of responsibility to get the endpoint where the COTS software runs to be compliant. Many of our customers will lay down a STIG for Windows and for Office to harden the endpoint. That said, we do recommend you use the suggestion by Justin for the Product Placemat. You will find that Microsoft Endpoint Manager (Intune) and Defender for Endpoint (EDR) are fabulous options to assist you in demonstrating compliance.
Date and Time
Apr 12, 202210:30 AM - 11:30 AM PDT