cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Re: Welcome to the Microsoft CMMC AMA!

GOsorio
Copper Contributor

‎Aug 25 2020 09:31 AM

‎Aug 25 2020 09:31 AM

Re: Welcome to the Microsoft CMMC AMA!

@Sarah.Gilbert 

 

Hi there, I was wondering if MS believes customers that require CMMC level 3 would be able to leverage M365 services such as EMS to become compliant or if moving to GCC high is a must?

821 Views
1 Like
1 Reply
Reply
1 Reply
best response confirmed by Sarah.Gilbert (Community Manager)
Paul Meacham

‎Aug 25 2020 10:27 AM

‎Aug 25 2020 10:27 AM

Solution

Re: Welcome to the Microsoft CMMC AMA!

@GOsorio What CMMC ML are you trying to achieve? What service are you in today (O365 Commercial, O365 GCC?) Do you have any export control requirements? O365 GCC High was designed to meet strict US Persons requirements for export control. If you have no export control requirements then you may be good where you are at. Even if you have an export control requirement there may be compensating controls (e.g., end-to-end-encryption) that you can put in place to meet them outside of O365 GCC High. Enterprise Mobility + Security (EMS) certainly has a lot of tools that can help you to meet many of the CMMC requirements (depending on the ML and your configuration of the tools/security practices).  Feel free to contact me to discuss further. 

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Sarah.Gilbert (Community Manager)
Paul Meacham

‎Aug 25 2020 10:27 AM

‎Aug 25 2020 10:27 AM

Solution

Re: Welcome to the Microsoft CMMC AMA!

@GOsorio What CMMC ML are you trying to achieve? What service are you in today (O365 Commercial, O365 GCC?) Do you have any export control requirements? O365 GCC High was designed to meet strict US Persons requirements for export control. If you have no export control requirements then you may be good where you are at. Even if you have an export control requirement there may be compensating controls (e.g., end-to-end-encryption) that you can put in place to meet them outside of O365 GCC High. Enterprise Mobility + Security (EMS) certainly has a lot of tools that can help you to meet many of the CMMC requirements (depending on the ML and your configuration of the tools/security practices).  Feel free to contact me to discuss further. 

View solution in original post

1 Like
Reply