CMMC 2.0 and Moving to the Microsoft Government Cloud – Part Two
We’re back with part two of our CMMC blog series. If you haven’t read our first blog on this topic, we highly encourage you to check it out before reading further. Part One is an overview of the enhancements and changes to the CMMC (Cybersecurity Maturity Model Certification) and what those changes mean for you.
To quickly recap, the CMMC is a U.S. Department of Defense (DoD) program that applies to Defense Industrial Base (DIB) contractors. It is a unifying standard and new certification model to ensure that the DoD contractors properly protect sensitive information.
If you’re already familiar with CMMC and CMMC 2.0, then let’s dive in.
Cybersecurity Maturity Model Certification (CMMC) 2.0
The recent changes and enhancements to the CMMC have given birth to what we’re calling CMMC 2.0, which marks the start of a new era for the DoD. While the DoD once prioritized cybersecurity compliance, they’ll now prioritize efficiency and cost savings in DoD procurements. Given the predicted delays in implementing CMMC and the return to self-certification for most DIB contractors, it’s not exactly clear yet just how the DoD’s approach to cybersecurity will proceed. In fact, it’s still possible the DoD may revert to an even stricter approach if it experiences additional high-profile data breaches.
These new compliance regulations aimed at solving the security gap have introduced new challenges for the DIB with the lack of resources, finances and expertise to comply.
Getting CMMC Compliant with CollabPoint
Given the uncertainty on whether the DoD will stick to this new approach or implement even stricter guidelines, we advise contractors to continue updating and improving their cybersecurity processes and systems.
With the help of our partner, Monarch Information Security Consulting, we at CollabPoint can position you to meet, and certify for, the new CMMC requirements. Together, CollabPoint and Monarch Information Security Consulting have the industry experience to provide the means for the DIB contractor to access and operate in a proven, controlled, and secure Cloud environment. We provide careful planning and guidance to help you deliver your journey to the Microsoft Government Community Cloud High (GCCH) with confidence from start to finish. Monarch Information Security Consulting is also one of just 14 authorized CMMC third-party assessor organizations (C3PAO) in the whole country, so you’re in good hands when you work with us.
Moving to the Microsoft Government Cloud
In order to become CMMC Level 2 compliant, you need to move your organization to the Microsoft Government Cloud. There are several benefits to living in a government community Cloud high enclave (GCCH):
- Outsourced maintenance at a lower cost: a Microsoft Cloud Solution Provider (CSP) maintains all of the technical and security controls for the members of the environment at a shared cost.
- Individualized custom enclaves: each enclave is isolated and totally separate from other enclaves. Owners can customize their enclave to meet their specific requirements.
- Automated compliance requirements: the community and enclaves are built to meet the compliance requirements of NIST 800-171.
- Guaranteed compliance: the Microsoft CSP manages and oversees the community policies and processes to ensure compliance at the community level.
- Reduced costs for security: the Microsoft CSP provides all the protection controls for all the community members at a shared cost.
Move in to CollabPoint’s ‘Gated’ Community
Now that you are aware of the benefits of having a Microsoft CSP and moving into a GCCH, what are the next steps? Finding the right Microsoft CSP for you and your organization is a good place to start. It’s important to trust your Microsoft CSP as they monitor the security of your organization and the protection controls across the entire community on a 24x7x365 basis, ensuring you remain compliant to the DoD. Having the right Microsoft CSP means that you and your organization don’t have to worry about these compliance changes or make changes on the fly as you go because it is taken care of by your Microsoft CSP, like CollabPoint. Management and maintenance are taken completely taken care of and out of your hands.
Choosing CollabPoint to be your designated Microsoft CSP gives you the ability to:
Our secure enclave is built for scale and can accommodate an unlimited amount of DIBs under a few set services packages. It also leverages cyber intelligence across membership, and you don’t have to maintain or manage it yourself.
Reduce Cost & Complexity
We manage the GCCH enclave on your behalf, which reduces the compliance burden and complexities of having to maintain a compliant environment for DIBs in the SB space at a lower total cost. This allows you to save both time and money.
Segment and Isolate Data
Each DIB environment is built to isolate data and is controlled separately by CollabPoint employees, which eliminates the taxing burden of you worrying about segmentation and isolation.
The CollabPoint enclave provides DIBs in the SB space a quicker path to compliance by leveraging the controls and processes built into the fabric of the CollabPoint environment enabling you to achieve compliance faster, reducing any delays.
Leverage Unparalleled Protection
We provide a world class compliance and security solution by leveraging the power of Microsoft’s Azure security toolsets.
We’ll deliver insights and real-time visibility into compliance with our intelligent workflows and process automation, while reducing workload on you with our established Microsoft CSP processes.
What’s Included in Moving to GCCH with CollabPoint?
CollabPoint will enable your Microsoft 365 Apps and Services to work securely in a GCCH enclave, including:
- Email and governance provisioning (Office 365, DLP and AIP)
- Endpoint provisioning (Defender ATP, Laptop or Virtual Desktops)
- User provisioning (Azure AD accounts, Remote Access, Conditional Access)
- Collaboration tool provisioning (SharePoint and MS Teams)
- All Microsoft security tool sets built and optimized
- Sentinel SIEM deployment and tuning for security operations
If you have any questions about how to prepare your organization for CMMC 2.0, or want to know how you can join CollabPoint’s GCCH enclave, get in touch with our CMMC & GCC High Experts at firstname.lastname@example.org. We’re here and happy to help!