Level 1 – Handling Federal Contract Information (FCI) in M365
CMMC 2.0 Level 1 applies to contractors in the aerospace, defense, and related sectors who work with the Department of Defense and manage or process Federal Contract Information (FCI).
Key requirements for Level 1 include:
Implementation of 17 basic cybersecurity practices aligned with FAR 52.204-21, Basic Safeguarding of Covered Contractor Information Systems
Completion of an annual self-assessment to verify compliance
Ensuring the protection of Federal Contract Information (FCI) from unauthorized access and disclosure
We assist government contractors in achieving compliance with DFARS 7012, NIST SP 800-171, and CMMC Level 1 and Level 2 requirements.
Level 2 – Protecting Controlled Unclassified Information (CUI)
CMMC 2.0 Level 2 applies to organizations partnering with the Department of Defense that handle, process, or store sensitive information critical to national security. This level is designed for contractors and subcontractors whose work involves safeguarding data beyond basic Federal Contract Information (FCI).
Examples of the types of sensitive data covered include:
Controlled Unclassified Information (CUI) / Covered Defense Information (CDI)
Controlled Technical Information (CTI)
Information governed by International Traffic in Arms Regulations (ITAR)
Most organizations within the Defense Industrial Base (DIB), along with many higher education institutions involved in defense-related research, will need to achieve CMMC Level 2 to meet contract requirements.
Safeguarding our nation’s most critical data
Level 1 Services
This project includes, but is not limited to:
Protecting sensitive data across your workstations, laptops, and mobile devices
Aligning Microsoft 365 E3 license configurations with the 12 technical security requirements of CMMC Level 1
Implementing data backup and retention strategies to support contract-specific compliance needs (optional)
Conducting a baseline review of your existing Microsoft 365 Commercial environment to identify compliance gaps (optional)
Level 2 Services
The implementation of your CMMC Level 2 solution may include these and other critical components:
Establishing a security baseline for your Microsoft 365 GCC or GCC High environment
Protecting corporate devices through Microsoft Intune endpoint security
Configuring Microsoft security tools to align with NIST SP 800-171 requirements
Setting up identity management and enforcing multi-factor authentication (MFA) with Azure Active Directory
Deploying Microsoft Purview Information Protection to safeguard sensitive data
Leveraging Microsoft Defender solutions for enhanced data security and threat protection
Streamlined Policy and Procedure Documentation
Struggling to develop the right cybersecurity documentation for CMMC Level 2?
Looking for customizable templates that align with CMMC 2.0 Level 2 requirements without draining your internal resources?
Our team leverages deep CMMC and NIST expertise to help you tailor ready-to-use templates and build out the essential policies, procedures, and plans needed to achieve CMMC Level 2 compliance.
Make CMMC Level 2 compliance achievable with: