Microsoft Security Copilot and NIST 800-171
Microsoft Security Copilot can help commercial businesses in the Defense Industrial Base (DIB) meet the security requirements of NIST 800-171r3 and prepare for CMMC 2.0. Features and benefits of Security Copilot, such as automated threat detection, real-time alerts, advanced analytics, attack path analysis, and natural language explanations can improve the productivity and accuracy of security analysts. Explore how companies in the DIB may use these AI-powered capabilities to meet NIST 800-171r3 security requirements, detect and respond to threats more efficiently, and ultimately defend against threats with finite or limited resources.Understanding Compliance Between Commercial, Government, DoD & Secret Offerings - July 2025 Update
Understanding compliance between Commercial, Government, DoD & Secret Offerings: There remains much confusion as to what service supports what standards best. If you have CMMC, DFARS, ITAR, FedRAMP, CJIS, IRS and other regulatory requirements and you are trying to understand what service is the best fit for your organization then you should read this article.Microsoft Reference Identity Architectures for the US Defense Industrial Base
The white paper “Microsoft Reference Identity Architectures for the US Defense Industrial Base” is the result of deep collaboration among the National Defense ISAC "MSCloud" Working Group. It provides the group’s consensus on common challenges coupled with guidance on potential ways to overcome those challenges.Virtual Conference Focused on CMMC and Microsoft's US Sovereign Cloud
Thursday, February 04, 2021, 08:30 AM – 03:00 PM (CST) This third installment of the Cloud Security and Compliance Series (CS2) Virtual series is curated for DoD contractors looking to meet cybersecurity regulations, address security threats, and glean best practices for their Microsoft cloud investments. Many previous speakers include Richard Wakeman (Microsoft), Katie Arrington (OUSD), and several CMMC AB board members. Next month CS2 will host Rima Reyes, Dave Jennings and Morne Pretorius of the Teams GCC / GCC High / DoD product group as well as Matt Soseman, Microsoft Sr Architect focused on Microsoft Defender and applications for CMMC. See below for the full set of speakers. Join us for this ongoing informational series to cover best practices for CMMC, DFARS 7012 and the DFARS Interim Rule, NIST 800-171 compliance, CUI and ITAR data management, Audit Preparations, Cloud Management and other security topics.CMMC Compliance with Azure Sentinel
Often the purpose of a Security Information & Event Management software product (SIEM) like Microsoft's Azure Sentinel can be misunderstood. In this blog, Azure Sentinel will be discussed in terms of capabilities and importance for CMMC compliance and an ideal cloud security strategy. Azure Sentinel became generally available on March 13, 2020, and charges for the service started April 1, 2020. Sentinel can pull log data at no cost for Incident Response from AWS CloudTrail, Azure Activity Logs, Office 365/Microsoft 365 Audit Logs (all SharePoint activity and Exchange admin activity) and alerts from Microsoft Threat Protection products (Azure Security Center, Office 365 ATP, Azure ATP, Microsoft Defender ATP, Microsoft Cloud App Security, Azure Information Protection).Why Microsoft Enterprise Mobility + Security (EMS) & ATP are Necessary for NIST Compliance
In a 2018 report provided by the National Defense Industrial Association (NDIA), researchers found companies “severely underestimate(d) the costs of becoming compliant by as much as a factor of 10”. The burden of compliance is significant yet important, and businesses are considering ways to secure their information systems without breaking the bank. One area of cost savings at first glance: email only users. These individuals will likely only need a corporate email, which would reasonably lead IT leadership to purchase an Exchange Only license and carry on. However, we advise contractors purchase Office 365 Advanced Threat Protection (ATP) and Enterprise Mobility + Security (EM+S) in addition to their Exchange license as a best practice for NIST 800-171 compliance. Without the proper understanding of NIST compliance requirements, it is easy to misinterpret the need for ATP & EM+S licensing. It is also reasonable to think consultants are trying to make a quick dollar by upselling. Assuming these individuals are not entirely self-serving, let’s dive into this a little more using a friendly campfire analogy. S’mores. Purchasing an Exchange Only license is like having a s’more without the marshmallow & the graham. The marshmallow & the graham are necessary for the security and protection of the chocolate. They are the quintessential vessels that encompass and bring cohesion to the s’more as a whole. S’more explanation below.Microsoft Copilot for Security and NIST 800-171: Access Control
The second blog in this series will dive into the very first requirement family - Access Control (3.1) - and how organizations may deploy Microsoft Copilot for Security (Security Copilot) to meet the requirements entailed. This requirement family is arguably one of the most paramount because of the remarkable growth in identity-based attacks and the need for identity architects and teams to work more closely with the Security Operations Center (SOC). Microsoft Entra data noted in the Microsoft Digital Defense Report shows the number of “attempted attacks increased more than tenfold compared to the same period in 2022, from around 3 billion per month to over 30 billion. This translates to an average of 4,000 password attacks per second targeting Microsoft cloud identities [2023]”.Microsoft Modern Work, Security, and Surface Evangelist to Speak at Upcoming Cloud Security Event
The Cloud Security and Compliance Series (CS2) is the go-to event for DoD contractors leveraging the Microsoft Cloud who are looking to prepare for CMMC / DFARS compliance; specifically, CS2 sessions will equip those in the Microsoft Gov Cloud with knowledge for CMMC assessment preparations because of the recent submission of the CMMC ruling.
