CMMC 2.0 has been in place for a little over two months at this point, and it’s been a helpful upgrade for most businesses that support the defense industry. With a reduction of complexity and an increase in flexibility and focus on critical data, CMMC 2.0 has simplified the adherence to the framework.
When CMMC was released in 2020, small and midsized businesses (SMBs) in the defense industry and managed service providers (MSPs) both struggled to gain traction and alignment with the framework. This was due to the large gap in cyber and physical that most small businesses had at that time, forcing a lot of organizational change for companies that were not ready to implement.
The good news is that with the CMMC 2.0 upgrade, the US Department of Defense simplified the implementation process and burden on SMBs while, at the same time, gaining from the advancement in cybersecurity standards over the past five years.
With endpoint protection moving from AV to EDR, data protection moving from traditional backups to BCDR, and the continual shift from on-premises exchange to Microsoft 365®, SMBs in the defense industry have the tools and protection to help with several core areas of alignment with CMMC 2.0.
Microsoft has helped SMBs in this space by making several security features available in Microsoft 365 that support CMMC 2.0, including:
- Conditional access: Cybersecurity features that offer control over who can access what data under specific circumstances, such as requiring MFA and compliant devices or locations
- Data loss prevention: This focuses on identifying sensitive information and implementing restrictions to prevent it from leaving the organization’s control
- Threat protection: Using built-in features, such as anti-malware, anti-phishing, and intrusion detection, to help organizations meet CMMC requirements for safeguarding Controlled Unclassified Information (CUI)
With these features requiring planning and testing to roll out, MSPs can struggle to find ways to scale security deployment and alignment that help SMBs align with frameworks like CMMC 2.0. To help solve this challenge, we have built ConnectWise SaaS Security™ to make the Microsoft 365 CMMC 2.0 alliance as easy as possible. With the ability to run alignment reports against NIST Cybersecurity Framework 2.0, MSPs can scale identification and remediation of Microsoft 365 security features that support CMMC 2.0!
While Microsoft 365 is just one of several domains where CMMC 2.0 (NIST) controls need to be applied, leveraging automation of reporting and remediation offers both the MSP and SMB the ability to quickly address a critical area of CMMC 2.0 while also improving the organization’s overall cybersecurity defense across multiple organizations efficiently.
For more information about ConnectWise SaaS Security, please check out our trial offer >>
