"3.13.10: Establish and manage cryptographic keys for cryptography employed in organizational systems" requiresM365 "Customer Key" required for CMMC?

old.reddit.com / @/u/ElegantEntropy, https://old.reddit.com/user/ElegantEntropy

Hi all,

So 3.13.10 requires the org to "establish and manage crypto keys" and they require cryptography for any CUI at rest or in transmission. O365/M365 GCCH allows "Customer Key" (service level encryption for the entire tenant where the customer sets the key). This controls encryption for the tenant services in Microsoft's systems. However, they only give you this option at the E5/G5 license level (Office/Microsoft 365 E/G5, E/G5 Compliance, etc)

So it sounds like the only way to properly utilize GCCH for CUI is to be on the licenses that allow to set "Customer Key" which are only available in select E5/G5 licenses?

submitted by /u/ElegantEntropy
[link] [comments]

published 11 months ago


Previous

Mission Accomplished!
published 11 months ago

Next

NIST 800-171 Control documentation
published 11 months ago
See all items from the same source