If you are part of the U.S. Department of Defense supply chain, you should be hearing more chatter about the Cybersecurity Maturity Model Certification (CMMC). CMMC is a compliance requirement of the defense industrial base (DIB), for the US government to determine if your routine business processes protect controlled unclassified information (CUI). For many organizations, this is a time to innovate, modernize systems, and enhance resiliency so your users can securely access business and productivity tools.
An estimated 300,000+ companies are impacted by CMMC, of which 40,000 will require a third-party audit of business processes and how you protect CUI. Following rulemaking starting in 2023, defense contractors will need to have a CMMC certification at one of three levels to be awarded a contract.
Today, many defense contractors use Microsoft technology as part of their IT system. To help the DIB and organizations pursuing CMMC, we curated a set of training modules from Microsoft Learn. Microsoft Learn is a free, interactive training platform for customers and partners who are new to Microsoft technology or looking to enhance their knowledge. Microsoft Learn has hundreds of hours of content to help business leaders, managers and analysts better understand how to leverage Microsoft.
“Getting started with Microsoft for CMMC” on Microsoft Learn is a curated collection designed to help customers and partners understand the capabilities of Microsoft's platform and solutions. This will help you understand ways to leverage Microsoft within your system boundary to achieve CMMC requirements. This collection includes two sections: 1) Getting started with Microsoft 365 and 2) Information Protection. The sections are progressive, and modules build off the knowledge from prior modules. We suggest starting at the beginning and completing all modules in order. By completing this collection, you will have a strong baseline for how these capabilities can help increase your security posture for CMMC readiness. In addition, you will have completed learnings that are required for SC-900 and SC-400 certifications which are related to Information Protection.
Microsoft Learn provides you with the resources needed to get a more holistic view of what you can achieve with Microsoft. In addition, it can help support projects by educating your team on key priorities such as insider risk management, protecting sensitive information, or defending against threats.
Depending on the learning path, you can test your knowledge to get certified for that skillset upon completion. Some popular learning paths include:
- Develop a Security and Compliance Plan
- Manage Data Governance in Microsoft 365
- Secure your applications in Azure
In addition to Microsoft Learn, also check out Microsoft CMMC Acceleration, a collection of resources designed to help you on this compliance journey. As part of the acceleration you can leverage a variety of tools like the CMMC 2.0 solution in Sentinel which enables governance and compliance teams to design, build, monitor, and respond to CMMC 2.0 requirements across numerous 1st and 3rd party security offerings.
For more information on how Microsoft can help you with CMMC compliance, please visit aka.ms/cmmc.