Trace Id is missing
two guys looking at the computer

Working with the Department of Defense? You’ll need to get certified.

Check out this useful guide for small and medium-sized organizations to implement the latest Microsoft 365 and Azure capabilities for satisfying CMMC Level 1 practices.

Cybersecurity Maturity Model Certification (CMMC)

What is CMMC?

The U.S. Department of Defense (DoD) is implementing the Cybersecurity Maturity Model Certification (CMMC) to verify the cybersecurity of its supply chain. The certification encompasses three maturity levels with progressively more demanding requirements on processes and practices.

Why CMMC?

Part of the DoD’s focus on the security and resiliency of the Defense Industrial Base (DIB) sector is working with industry to enhance the protection of sensitive information and intellectual property within the supply chain.

Who needs to be certified?

CMMC will impact all organizations that provide goods or services to the DoD. It is currently pending rulemaking completion (expected between late 2022 to late 2023). When fully implemented, CMMC will be a DoD contractual requirement and a condition for award.

Microsoft can help you get certified

Accelerate your CMMC accreditation process, no matter which level you need
shield blue icon

Strengthen your cybersecurity baseline

control blue icon

Control and protect sensitive data

Streamline compliance blue icon

Streamline compliance

Microsoft Cloud service offerings

Microsoft 365

Reimagine the way you work with an integrated solution including Teams, OneDrive cloud storage, and Office apps.

Microsoft Product Placemat for CMMC 2.0 Level 2

Microsoft 365 Roadmap

  • Microsoft 365 for Enterprise

    Microsoft 365 deliver the power of cloud productivity to organizations of all sizes, helping save time, money, and free up valued resources. The Worldwide instance provides compliance with FedRAMP High for some services.

  • Microsoft 365 GCC

    Microsoft 365 Government (GCC) provides compliance with FedRAMP High, Defense Federal Acquisition Regulations Supplement (DFARS) and DISA Cloud Computing Security Requirement Guide (CC SRG) Impact Level 2.

  • Microsoft 365 GCC High and DoD

    Delivers compliance with FedRAMP High, Defense Federal Acquisition Regulations Supplement (DFARS), DISA Cloud Computing Security Requirement Guide (CC SRG) Impact Level 4, and International Traffic in Arms Regulations (ITAR).

Microsoft Azure

Achieve your goals with the freedom and flexibility to build, manage, and deploy your applications anywhere.

CMMC Level 3 Regulatory Compliance built in Azure Policies

Microsoft Defender for Cloud

Azure Compliance

  • Microsoft Azure Commercial

    Build and manage powerful applications using Microsoft Azure cloud services. Microsoft Office 365 Commercial and Microsoft Office 365 GCC are both paired with Azure AD in Commercial.

  • Microsoft Azure Government

    Azure Government is our fully isolated cloud environment designed for data sovereignty. Delivers compliance with FedRAMP High, DFARS 7012, DoD CC SRG IL4/5, ITAR and EAR.

Microsoft Dynamics 365 and Power Platform

Adapt and innovate with the only portfolio of business applications that empowers your organization to deliver operational excellence and serve every constituent.

Dynamics 365 for US Government

Power Apps for US Government

Power Automate for US Government

  • Dynamics 365 - Commercial

    Deliver positive customer experiences faster. Optimize resources and help technicians be more efficient. Reduce operational costs. Dynamics 365 in Commercial is compatible with Azure AD in Commercial.

  • Dynamics 365 – GCC and GCC-H

    The services offered in GCC and GCC High are further protected with heightened compliance demands. Check the feature availability site to learn which features are available in each environment.

question mark icon

Need help deciding which Microsoft Cloud you need?

Resources

  • Blog

    Accelerating CMMC compliance for Microsoft cloud

  • Blog

    Microsoft CMMC Acceleration Program Update

  • Blog

    History of Microsoft Cloud Service Offerings leading to the US Sovereign Cloud for Government

  • Blog

    Understanding Compliance Between Microsoft 365 Commercial, GCC, GCC-High and DoD Offerings

  • Blog

    The Microsoft 365 Government (GCC High) Conundrum - DIB Data Enclave vs Going All In

  • Blog

    Microsoft expands qualification of contractors for government cloud offerings

  • Guide

    Microsoft CMMC 2.0 Level 1 Implementation Guide

  • Guide

    A guide to buying Microsoft 365 for Government

  • Guide

    CMMC templates in Compliance Manager

  • Guide

    A guide to buying Azure for Government

  • Guide

    Build your Azure environment using Microsoft built reference architectures which enable security and compliance

  • Other

    Official CMMC FAQ by the CMMC-AB

  • Other

    Microsoft Product Placemat for CMMC Level 3

Back to tabs
Follow us