Microsoft 365 is a great service that has become the backbone of many businesses, including those with DFARS requirements surrounding controlled unclassified information (CUI). Microsoft takes security seriously: it includes strong encryption with its services, enforces strict data center security, and ships Microsoft 365 with a wide range of configurable security settings. Microsoft has done what it can for you, but it is not responsible for completely hardening your Microsoft 365 environment, nor is it responsible for your compliance with NIST SP 800-171 & CMMC related requirements. You are.
What You Need to Do
Within Microsoft 365, there are dozens of security settings surrounding email security, Azure AD, SharePoint security, OneDrive security, Teams security, and other Microsoft 365 security settings. Here are some questions you should ask yourself:
Have we sufficiently restricted SharePoint and OneDrive sharing settings?
Have we implemented the appropriate DNS configurations (DKIM, DMARC)?
Have we configured audit logging and are we periodically reviewing the appropriate logs?
Have we configured the appropriate collaboration settings in Microsoft Teams?
Have we configured the necessary settings surrounding the use of third-party applications?
Have we configured the necessary settings to ensure that modern authentication is used to protect CUI?
Do we have labelling policies in place?
Do we have multi-factor authentication set up?
Have we reviewed our user account list?
Have we reviewed our security groups?
This is not an exhaustive list; rather, these are the basics you should be concerned about when trying to meet your NIST SP 800-171 & CMMC requirements. A good baseline you can use for hardening your Microsoft 365 tenant is the Center for Internet Security's baseline, available on their website.
How We Can Help
Lake Ridge has supported hundreds of companies in meeting their DFARS NIST SP 800-171 and CMMC related requirements. This includes implementing the full set of security configuration requirements necessary for making your Microsoft 365 environment compliant with NIST SP 800-171 requirements. If you would like to receive the same help, you may contact us at info@lakeridge.io.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance, we have the expertise and solution for you.
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.