I work at a small tech start up gov contractor. Our apps are stored in Azure GCC. We have about 3 months to become CMMC compliant. I am responsible for making sure this happens. I do not have much Azure or security experience, but previous experience as a SWE and now a PM so Im pretty good at learning anything ADHOC and can figure out how to make Azure changes pretty effectively using online resources.

Basically, where I am at is that I have reviewed all the CMMC 2.0 security controls and am not sure where to start to make sure we are compliant and secure. Does GCC cover all of this? Is there a list of Azure configurations I can work on that will handle most of the requirements? What are the best steps to take in a system that doesnt really have any configurations made but is GCC. For the physical controls, I think I have that under control but ill take tips on all of it. Thanks guys. Really can use some wisdom here.