Consulting on how to utilize the Microsoft 365 Licenses on your path to CMMC L1 Compliance.


The purpose of this product is to provide assistance and framework for Organizations Seeking Certification (OSCs) needing CMMC Level 1. This consulting includes how to best leverage the power of your Microsoft 365 licenses to gather evidence you need for compliancy. This product is a Do-It-Yourself (DIY) Kit for preparing an organization for readiness and provides further explanation on the requirements, examples of templated policies that can be modified to match the client’s environment, and work instructions on how to gather evidence.

Target Audience

The target audience for this product is an operational IT manager at a small business (20-100 users) needing to become CMMC L1 compliant. The organization is relatively small and needs certification, however they don’t have a large compliance budget. They are looking for help in knowing what to do and are conscientious of time/money it takes to implement. They may either be underwater and looking for help or have a drive for knowledge and want ownership in the process.

The DIY Kit includes:

  • A copy of the CMMC Level 1 Self-Assessment Guide
  • A copy of the CMMC Self-Assessment Scope
  • 10 hours of consulting time
  • An instructional playbook
  • A proposed timeline for implementation (to be confirmed with client)
  • A CMMC DIY Compliance Checklist
  • An Assessment Information Collection Document to be completed by client and provided to assigned KAMIND compliance analyst
  • 6 templated policies for each of the domains
  • FutureFeed Level 1 subscription for 12 months
  • List of other resources available for helping with Level 1 readiness


The 10 hours of consultation are broken down into the following functions

  • 1 hour is dedicated to an initial assessment of the organization’s policies, procedures, and initial evidence
  • 2 hours are dedicated to reviewing updated client documentation
  • 6 hours are dedicated to client check-ins, including providing feedback on updated documentation, answering questions, and providing instruction for the next domain.
  • There is 1 hour remaining that the client can utilize to their discretion. Examples of what you may want to use that hour for include adding another hour for discussing a challenging domain, performing a final assessment of materials, assisting with the self-reporting process, etc.

The DIY kit does not include Microsoft 365 licenses, which will be be necessary for higher levels of compliancy in our model. If you do not have them, a separate engagement can be established to help you purchase the right Microsoft Licenses.

  • Microsoft 365 E3
  • Microsoft 365 E5

Xem nhanh