Hello to all of you who are kind enough to read this and give me some advice! I was recently hired on at a (VERY) small government subcontracting business as an MIS intern with the main focus of CMMC compliance. I was initially pretty overwhelmed when looking into the wide scope of the CMMC but as I learned more I have gained some confidence. Currently, my company only has a license for Microsoft 365 Business Standard. Obviously, this isn't nearly enough for the CMMC. After doing research I have determinded that will need to purchase Microsoft 365 Business Premium and Microsoft Enterprise Mobility + Security E5. Along side this, I have found two very helpful resources called the Microsoft Technical Reference Guide for CMMC 2.0 and Microsoft Product Placemat for CMMC 2.0 which can be downloaded from the microsoft website linked below. They give a nice overview for how the microsoft tools can be used for CMMC compliance. In addition to this, I have downloaded a template for the SSP from Etactics (it was free on their website).
Do I seem to be going in the right direction? The only guidence I have recieved so far is with from a company called Project Spectrum that we are partnered with under the "Mentor-Protégé Program (MPP)" Pilot Program but honestly they have been extremely little help. I feel a little lost in this and am just hoping that some can let me know if im putting myself on the right track. Thank you so much!
If you dont want to click these links then just lookup the names on google and youll find them.
Microsoft Technical Reference Guide for CMMC 2.0:
https://www.microsoft.com/en-us/download/details.aspx?id=102536
Microsoft Product Placemat for CMMC 2.0
https://www.microsoft.com/en-us/download/details.aspx?id=103401
Etactics SSP Template
[link] [comments]