I know that Azure has secure score recommendations for other common compliance standards, ie HIPAA. Will Microsoft be creating ones that can apply for CMMC compliance?
@bduszkie1980 - you're right! Here's a couple of great resources:
scroll down a bit - there's a preconfigured template for 800-171.https://servicetrust.microsoft.com/ComplianceManager/V3/ControlsInfo/TemplateAlso take a look at the Azure blueprint: https://docs.microsoft.com/en-us/azure/governance/blueprints/samples/nist-sp-800-171-r2Though it's not explicitly CMMC, (level 1,2,3, 4, 5), this gets you to a point where you can understand how you're complying with 800-171 - which is the foundation for CMMC. Lastly, here's a great article by Summit 7 to get you started on architecture.https://info.summit7systems.com/blog/nist-3.3-audit-and-accountability-with-office-365
I hope that helps!