CMMC secure score recommendations

%3CLINGO-SUB%20id%3D%22lingo-sub-1611190%22%20slang%3D%22en-US%22%3ECMMC%20secure%20score%20recommendations%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1611190%22%20slang%3D%22en-US%22%3E%3CP%3EI%20know%20that%20Azure%20has%20secure%20score%20recommendations%20for%20other%20common%20compliance%20standards%2C%20ie%20HIPAA.%20Will%20Microsoft%20be%20creating%20ones%20that%20can%20apply%20for%20CMMC%20compliance%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1627742%22%20slang%3D%22en-US%22%3ERe%3A%20CMMC%20secure%20score%20recommendations%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1627742%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F760057%22%20target%3D%22_blank%22%3E%40bduszkie1980%3C%2FA%3E%26nbsp%3B-%20you're%20right!%26nbsp%3B%26nbsp%3B%3CBR%20%2F%3EHere's%20a%20couple%20of%20great%20resources%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Foffering-nist-sp-800-171%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Foffering-nist-sp-800-171%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%0A%3CP%3Escroll%20down%20a%20bit%20-%20there's%20a%20preconfigured%20template%20for%20800-171.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fservicetrust.microsoft.com%2FComplianceManager%2FV3%2FControlsInfo%2FTemplate%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fservicetrust.microsoft.com%2FComplianceManager%2FV3%2FControlsInfo%2FTemplate%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EAlso%20take%20a%20look%20at%20the%20Azure%20blueprint%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fblueprints%2Fsamples%2Fnist-sp-800-171-r2%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fblueprints%2Fsamples%2Fnist-sp-800-171-r2%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThough%20it's%20not%20explicitly%20CMMC%2C%20(level%201%2C2%2C3%2C%204%2C%205)%2C%20this%20gets%20you%20to%20a%20point%20where%20you%20can%20understand%20how%20you're%20complying%20with%20800-171%20-%20which%20is%20the%20foundation%20for%20CMMC.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3ELastly%2C%20here's%20a%20great%20article%20by%20Summit%207%20to%20get%20you%20started%20on%20architecture.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Finfo.summit7systems.com%2Fblog%2Fnist-3.3-audit-and-accountability-with-office-365%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Finfo.summit7systems.com%2Fblog%2Fnist-3.3-audit-and-accountability-with-office-365%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3EI%20hope%20that%20helps!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

I know that Azure has secure score recommendations for other common compliance standards, ie HIPAA. Will Microsoft be creating ones that can apply for CMMC compliance?

1 Reply
Highlighted

@bduszkie1980 - you're right!  
Here's a couple of great resources:

https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-nist-sp-800-171?view=o365-worldwi...

scroll down a bit - there's a preconfigured template for 800-171.
https://servicetrust.microsoft.com/ComplianceManager/V3/ControlsInfo/Template

Also take a look at the Azure blueprint: https://docs.microsoft.com/en-us/azure/governance/blueprints/samples/nist-sp-800-171-r2

Though it's not explicitly CMMC, (level 1,2,3, 4, 5), this gets you to a point where you can understand how you're complying with 800-171 - which is the foundation for CMMC. 

Lastly, here's a great article by Summit 7 to get you started on architecture.
https://info.summit7systems.com/blog/nist-3.3-audit-and-accountability-with-office-365

I hope that helps!