CMMC Compliance as a Service - Microsoft 365

Nimbus Logic LLC

Cloud CMMC Compliance for Defense Industrial Database.

Nimbus Logic has engineered a secure cloud-based service to expedite the process of compliance with the DFARS interim rule, and subsequently CMMC. This service utilizes the Microsoft cloud stack of technologies and includes all the following:

• Initial assessment of client technologies and inventory

• Setup & configuration of Microsoft 365 baseline security compliance policies in your GCC High tenant, including:

  ◦ Azure Active Directory Identity Management and Secure Access Policies
  ◦ Configuring Microsoft Information Protection (MIP) in your tenant
  ◦ Data Loss Prevention (DLP), Conditional Access & Compliance policies
  ◦ App Protection & Attack Surface Reduction (ASR) policies
  ◦ Device configuration & compliance policies leveraging Microsoft Intune for endpoint management and reporting
  ◦ Assisted endpoint enrollment into Microsoft Intune and remediation of any items preventing full device compliance
  ◦ “Customer-Key” encryption, to ensure only your organization holds the encryption keys
  ◦ SIEM (Microsoft Sentinel) system setup to log all events within the last 90 days and analysis of events for incident monitoring

• Onboarding of devices, such as workstations & mobile devices, to Microsoft Endpoint Manager to enforce endpoint security policies. All endpoints and cloud services will have ongoing real-time monitoring for compliance, threats & vulnerabilities.

• Compliance Accelerator portal that will allow you to efficiently perform your NIST SP 800-171 & CMMC 2.0 self-assessment through a guided assessment by answering questions and providing the artifacts necessary. This portal will generate your SPRS score, POAM & SSP documents upon completion of the gap analysis.

• Security threat reporting and remediation for any incidents identified in the Microsoft cloud or enrolled endpoints

• Compliance monitoring & automated alert tracking

• Scheduled tasks required by policy, including regular security scans & threat attack simulations

• Ongoing compliance guidance

• Annual Gap Analysis review & assessment

• Secure handling of CUI data by authorized personnel
