Achieve DFARS and CMMC compliance with Microsoft GCC High and Conquest Cyber
The Defense Industrial Base (DIB) is comprised of highly regulated organizations that require special environments to host their security systems and tools. That’s why Microsoft created the Government Community Cloud (GCC) High. It’s a cloud-based environment designed specifically to meet the stringent cybersecurity needs of the Department of Defense (DoD) and federal contractors.
GCC High shouldn’t be confused with the original Government Community Cloud environment. GCC isn’t suitable for handling controlled unclassified information (CUI) or controlled defense information, while GCC High helps DIB organizations meet DoD-specific compliance requirements such as:
Regulations like Cybersecurity Maturity Model Certification (CMMC) mean DIB organizations require highly specialized tools and environments to host sensitive data. That said, on a day-to-day basis, many companies would prefer to use software that has already been approved and implemented and is familiar to employees.
To compromise, GCC High includes subscriptions to essential Microsoft tools and pairs them with additional security that empowers organizations to meet strict industry requirements. These subscriptions include:
As CMMC becomes a requirement for organizations that want to work with the DoD in 2021, companies are urgently trying to streamline compliance efforts.
To add to the stress, the DFARS Interim Rule requires that DoD government contractors possess at least a basic NIST SP 800-171 DoD assessment that is no more than 3 years old. This assessment can be done online through the Defense Contract Management Agency and is required by November 30, 2020.
CMMC compliance requires every single DoD contractor to have an appropriate level of cybersecurity maturity by creating strict, standardized cybersecurity measures. This helps protect sensitive government data, regardless of company size or industry experience.
“CMMC will ensure a more level and fair playing field for companies bidding on DoD contracts.”
“Today, some small businesses bidding on work might self-attest that they meet requirements to handle certain kinds of information, but in fact only are planning to meet those requirements, while another business might actually be meeting the requirements.”
– Katie Arrington, DoD Chief Information Security Officer for Acquisition
CMMC serves as a verification tool to establish appropriate levels of maturity for cyber controls. The Office of the Under Secretary of Defense for Acquisition & Sustainment elaborates that:
“The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced.”
With levels ranging from 1 to 5, the requirements to achieve CMMC compliance increase as each level progresses. For example:
For example, according to NIST 800-171 3.5.1 and 3.5.2, organizations must identify all system users, processes acting on behalf of a user, and devices. To help meet this requirement, Microsoft’s GCC High has stringent background check capabilities for employees that align with the Office of Personnel Management (OPM) level 3 background check.
Because GCC High is reserved for organizations in the DIB sector, DoD contractors, and federal agencies, organizations must also be validated by Microsoft to use it. Being CMMC compliant and having a reliable cloud environment to accommodate sensitive data are critical for organizations to earn high-value DoD contracts.
As a Microsoft Gold Competency Partner and FastTrack Ready Partner, Conquest Cyber has the expertise and software to support the unique cybersecurity needs of the defense industrial base. This includes access to award-winning cybersecurity professionals who have an extensive background in the industry and a wide variety of certifications including:
Alongside their team’s 24/7 support, Conquest Cyber’s proprietary software, ARMED™, automates cybersecurity procedures, eliminating slow manual processes, and giving valuable time back to security personnel to focus more on business growth initiatives.
Thanks to its unique, patent-pending technology that enhances Microsoft Defender and Azure Sentinel, ARMED™ allows Conquest Cyber’s security professionals to remediate gaps in an organization’s cybersecurity system and meet compliance requirements.
ARMED™ can help DIB organizations achieve 80% of advanced cybersecurity levels of CMMC compliance in just over 90 days. By combining comprehensive cybersecurity features from Microsoft’s GCC High with the ARMED™ software suite, defense contractors can modernize their critical infrastructure and prepare for a higher level of CMMC.
One of Conquest’s clients is a federally recognized Native American tribe in Northern California. Their goal was to provide secure and compliant access to Office 365 Productivity Workloads in a Government Community Cloud (GCC) High environment.
To achieve this goal, they were required to: