With this article, we now approach the last phase of preparing for your CMMC Certification, which is planning the ongoing maintenance of your security program.
How It Is Done
This realm falls under the category of what is known as Security Management. Obviously, you are going to have many controls in place to safeguard and protect both the CUI and FCI datasets that the DoD has entrusted you with. A lot of information and data will have to be collected and analyzed, and we all know that nobody on your IT Security team is going to have the time to do this in real time.
Thus, you need an automated tool in place that can do this work for you. Such tools are known as Monitoring Agents. Technically, they can be defined as follows:
“The Microsoft Monitoring Agent is a service used to watch and report on application and system health on a Windows computer. The Microsoft Monitoring Agent collects and reports a variety of data including performance metrics, event logs and trace information.”
(SOURCE: 1).
In other words, the Monitoring Agent is literally your eyes and ears, alerting you if there is any breach of your controls or if any suspicious behavior is being observed.
What You Can Use From Microsoft
Probably one of the most powerful tools that you can make use of in this regard is Azure Sentinel. Essentially, it is an advanced version of a Monitoring Agent, offering the following capabilities:
- It can collect at a macro level:
Because of how advanced it is, Sentinel can literally keep track of all of the end users, devices, and applications that are being used, especially when it comes to handling the FCI and CUI datasets.
- It makes use of AI:
By using Artificial Intelligence, Azure Sentinel can formulate hypotheses about whether a possible threat variant is forming, before it actually becomes one. This is especially crucial to have if you are storing and processing datasets from the DoD. This also serves as a strong advantage to your organization, as it shows you are taking strong steps in being Cyber proactive. Using this tool also prevents false alerts from creeping into your system.
- Respond to threats quickly:
Since Azure Sentinel is essentially a SIEM (which stands for Security Information and Event Management) platform, you can respond to any variants that are threatening your FCI and CUI datasets in a very efficient and effective manner.
An illustration of this can be seen below:
(SOURCE: 2).
Using The CMMC Tools In Azure Sentinel
If you are using Microsoft Azure for containing and processing both the FCI and CUI datasets, you have some great tools that you can work with to help you achieve CMMC Compliance. One of these is the CMMC Workbook. Through this tool, you can get a bird’s eye view of the other Azure functionalities that are in compliance, and those that still need to be. For example, this list includes the following:
- Azure Active Directory
- Azure Active Directory Identity Protection
- Azure Activity
- Azure DDoS Protection
- Azure Firewall
- Azure Information Protection
- Azure Security Center
- Common Event Format
- DNS
- Intune
- Microsoft 365 Defender
- Microsoft Cloud App Security
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Office 365
- Security Events
- Syslog
- Threat Intelligence Platforms
- Windows Firewall
- Teams
- User Entity Behavior Analytics
- Windows Virtual Desktop
(SOURCE: 3).
Using The CMMC Compliance Manager
Now that you have the entire diagnostics of the above-mentioned functionalities, the next step is to obtain a baseline of how far you have to go to achieve CMMC Compliance (or even if you have already met it). In this instance, you will want to make use of what is known as the CMMC Compliance Manager, which can also be used in conjunction with Azure Sentinel. This is a great tool to help you stay current with the provisions of the CMMC, and it even gives you the information that you need if you have to submit a report to federal auditors.
It can do the following:
- You can make use of the built-in assessment tools or even create your own customized assessments per the direction of your C3PAO.
- You can monitor to see how you are minimizing the risks that are posed to your controls through a single dashboard.
- You will get automated, customized strategies on how to improve your overall CMMC Compliance posture.
- All of this is quantified through a specialized Compliance Score to show you how far you have come in your progress to achieve CMMC certification at the level you are aiming for.
All of this can be seen in the image below:
(SOURCE: 4).
Conclusions
A key advantage of using the tools detailed in this article is that they notify you of your compliance status in real time. They also provide remediation steps that you can take if any weaknesses or gaps are found in the controls you have deployed in Microsoft Azure.
If you need more help in this process, contact us today!
Sources
- https://searchwindowsserver.techtarget.com/definition/Microsoft-Monitoring-Agent
- https://docs.microsoft.com/en-us/azure/sentinel/overview
- https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-cybersecurity-maturity-model-certification-cmmc/ba-p/2111184
- https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide