CMMC Implementation for Microsoft 365 (8 Wk Proj)

Summit 7 Systems, Inc

Summit 7 implements all applicable and addressable Cybersecurity Maturity Model Certification (CMMC) practices associated with Levels 1-3 for Microsoft 365, as well as Azure and AAD where appropriate.

Summit 7 implements an end to end security solution to meet Cybersecurity Maturity Model Certification (CMMC) Level 2 using native Microsoft Enterprise Mobility and Security products for Microsoft 365 - including Microsoft Defender, Data Loss Prevention (DLP), Microsoft Intune and many others. This approximately eight week project will also include all applicable and addressable Azure Security products to meet CMMC requirements. Summit 7 will configure and implement Azure KeyVault, Defender for Cloud settings and Conditional Access policies, Microsoft Sentinel, and Microsoft Information Protection.

NOTE - A project agenda is provided below; however, some portions of the project can run concurrently or in varying order depending upon resourcing. Also, this list of activities is not exhaustive.

The first three weeks, including kickoff, entail the following activities: o Deploy Azure CMMC L2 Baseline Configuration o Build Storage Accounts o Deploy and Configure Azure Log Analytics o Deploy and Configure Azure KeyVault o Deploy and Configure Defender for Cloud o Deploy and Configure Microsoft Sentinel o Deploy and Configure Azure Firewall o and much more.

The latter five weeks, including project closure, entail the following activities and several not listed here:

  • Configure Azure Identity Management o Azure Active Directory o Azure AD Connect
  • Governance Controls for SharePoint Online and OneDrive
  • Configure Microsoft Defender for Office 365
  • Enable Data Loss Prevention (DLP) Policies
  • Multi-Factor Authentication o Configuration and Test/Validation o Communication Management
  • Intune Enterprise Mobility (Mobile Devices: Phones, Tablets) o Baseline Review and Policy Decision o Mobile Device Management Profile o Mobile Device Management Policy o Mobile Application Management Policy o Conditional Access Policy o Test enrollment (two mobile devices) and validation
  • Microsoft Information Protection Policies for CUI Sensitivity Labels

במבט מהיר