CMMC Compliance as a Service for Microsoft 365

Nimbus Logic has engineered a low-cost, secure cloud-based service to expedite the process of compliance targeting CMMC 2.0 Level 2. This service utilizes the Microsoft cloud stack of technologies and includes all the following:

• Initial assessment of client technologies and inventory

• Setup & configuration of Microsoft 365 baseline security compliance policies in your GCC High tenant that includes Entra ID Management and Secure Access Policies Configuring Microsoft Purview Information Protection in your tenant Data Loss Prevention (DLP), Conditional Access & Compliance policies App Protection & Attack Surface Reduction (ASR) policies Device configuration & compliance policies leveraging Microsoft Intune for endpoint management and reporting  Assisted endpoint enrollment into Microsoft Intune and remediation of any items preventing full device compliance “Customer-Key” encryption, to ensure only your organization holds the encryption keys. SIEM (Microsoft Sentinel) system setup to log all events within last 90 days and analysis of events for incident monitoring.

• Onboarding of devices, such as workstations & mobile devices, to Microsoft Intune to enforce endpoint security policies. All endpoints and cloud services will have ongoing real-time monitoring for compliance, threat & vulnerabilities.

• Compliance assessment portal that will allow you to efficiently perform your NIST SP 800-171 & CMMC 2.0 self-assessment. This portal will generate your SPRS score, POAM & SSP documents upon completion of the gap analysis.

• Security threat reporting and remediation for any incidents identified in the Microsoft cloud or enrolled endpoints

• Compliance monitoring & automated alert tracking

• Scheduled tasks required by policy, including regular security scans & threat attack simulations