Are you interested in maturing your security operations center capabilities? Do you need to align your cloud, multi-cloud, on-premises, and hybrid workloads for CMMC 2.0 compliance? We are pleased to announce the next evolution of the Microsoft Sentinel Cybersecurity Maturity Model Certification 2.0 Solution. This content features a redesigned user interface, new control card layouts, dozens of new visualizations, better-together integrations with Microsoft Defender for Cloud for assessments, and alerting rules that actively monitor and alert on compliance posture deviations across each CMMC 2.0 control family.
Microsoft Sentinel: CMMC 2.0 Workbook
The Cybersecurity Maturity Model Certification (CMMC) 2.0 model consists of processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the Defense Industrial Base (DIB) and Department of Defense (DoD) stakeholders. The CMMC 2.0 model specifies three levels, from Level 1 (Foundational) to Level 3 (Advanced). See the CMMC 2.0 Model for more information.
This solution enables governance and compliance teams to design, build, monitor, and respond to CMMC 2.0 requirements across numerous 1st and 3rd party security offerings. The solution includes the new CMMC 2.0 Workbook, (2) Analytics Rules, and (3) Playbooks. While only Microsoft Sentinel is required to get started, the solution is enhanced with numerous Microsoft offerings, including, but not limited to:
- Microsoft 365 Defender
- Microsoft Information Protection
- Azure Active Directory
- Microsoft Defender for Cloud
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Office 365
Content
CMMC 2.0 Workbook: Provides a mechanism for viewing log queries, Azure Resource Graph, metrics, and policies aligned to CMMC 2.0 controls across 25+ Microsoft products spanning Azure, Office 365, Windows, and many more. This workbook enables Compliance Professionals, Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness of the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with the respective CMMC 2.0 requirements and practices.
CMMC 2.0 Analytics Rules: (2) new analytics rules aligned to actively monitor CMMC posture by Level 1 (Foundational) and Level 2 (Advanced) requirements. Thresholds are customizable for alerting compliance teams to changes in posture. For example, suppose your workload's Access Control family policy compliance posture falls below 70% in a week. In that case, an alert is generated detailing the respective policy status (passing and failing), assets identified, last assessment time, and deep links to Microsoft Defender for Cloud for remediation.
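To make the threshold logic described above concrete, the following KQL query is an added example and is not one of the solution's own analytics rules. It assumes that Microsoft Defender for Cloud regulatory compliance data is continuously exported into the SecurityRegulatoryCompliance table, that the NIST SP 800-171 standard appears there under the name "NIST-SP-800-171-R2", and that its Access Control requirements carry control identifiers beginning with "3.1" (the NIST SP 800-171 numbering that the CMMC 2.0 Access Control family cross-walks to). The column names used are the ones this table normally exposes, but verify all of these assumptions against your own workspace before scheduling the query as a rule.

```kql
// Added example, not the solution's own rule: alert when the Access Control family
// compliance posture for the last week falls below a configurable threshold.
// Assumptions: continuous export populates SecurityRegulatoryCompliance; the
// standard name, the "3.1" control prefix, and the column names are unverified here.
let threshold = 70.0;          // percent passing; the solution's example uses 70%
let lookback  = 7d;            // "in a week"
SecurityRegulatoryCompliance
| where TimeGenerated >= ago(lookback)
| where ComplianceStandard =~ "NIST-SP-800-171-R2"
| where ComplianceControl startswith "3.1"          // Access Control requirements 3.1.x
// Keep only the most recent state of each assessment so stale rows do not skew the ratio.
| summarize arg_max(TimeGenerated, State, PassedResources, FailedResources)
    by AssessmentName, ComplianceControl
| summarize
    Passing             = countif(State =~ "Passed"),
    Failing             = countif(State =~ "Failed"),
    FailingAssessments  = make_set_if(AssessmentName, State =~ "Failed"),
    FailedResourceCount = sum(FailedResources),
    LastAssessed        = max(TimeGenerated)
// Ignore assessments that are neither passed nor failed (skipped / unsupported) and guard the division.
| where Passing + Failing > 0
| extend PosturePct = round(100.0 * Passing / (Passing + Failing), 1)
| where PosturePct < threshold
| project LastAssessed, PosturePct, Passing, Failing, FailingAssessments, FailedResourceCount
```

Scheduled as a Sentinel analytics rule running once a week, a non-empty result set is the trigger, and the projected columns carry the same kind of detail the solution's alert describes: pass/fail counts, the failing assessments, the number of affected resources, and the last assessment time. Swapping the control prefix (for example "3.3" for Audit and Accountability) gives the equivalent check for another family.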
Playbooks
- Notify_GovernanceComplianceTeam provides the capability to automatically monitor CMMC 2.0 policy drift and notify the Governance Compliance team with the relevant details in both email and Microsoft Teams message.
- Open_DevOpsTask is designed to create an Azure DevOps Task when an alert is triggered. This automation enables a consistent response when resources become unhealthy relative to a predefined recommendation, enabling teams to focus on remediation and improving response times.
- Open-JIRA-Ticket opens a JIRA issue when a recommendation is unhealthy in Microsoft Defender for Cloud. This automation improves time to response by providing consistent notifications when resources become unhealthy relative to a predefined recommendation.
Benefits
- Build/design workloads within CMMC 2.0 requirements
- Customizable reporting for subscription, workspace, time, control family, and level requirements
- Document Assessments via implementation, implementation dates, and notes
- Redesigned Control Cards, Coverage across 16 Control Families, and Level 1-2 Requirements.
- Direct alignment to the Microsoft Technical Reference Guide for CMMC
- Fully customizable panels for 3rd party product integration
- Deep links integration for seamless pivots between security products
- Compliance cross-walks to NIST SP 800-171, and NIST SP 800-53 guidance, and controls aligned to Microsoft references
- Query/Alert generation with (2) new analytics rules
- 150+ visualizations, recommendations, queries across logs, azure resource graph, policy, metrics, and APIs
- Single-click report exports via Print Workbooks feature
- Integration with Microsoft Defender for Cloud: NIST SP 800-171 Regulatory Compliance Assessment
Audience
- Security Governance, Risk, Compliance Professionals: Compliance posture assessment and reporting
- Engineers/Architects: Design and Build CMMC 2.0 aligned workloads
- SecOps: Alert/Automation building
- Managed Security Service Providers: Consulting services
Getting Started
This content is designed to provide the foundation for designing, building, and monitoring workload compliance within CMMC 2.0 directives. Below are the steps to onboard required dependencies, enable connectors, review content, and provide feedback.
- Onboard Microsoft Sentinel and Microsoft Defender for Cloud
- Add the Microsoft Defender for Cloud: NIST SP 800-171 Assessment to the regulatory compliance dashboard
- Continuously Export Security Center Data to Log Analytics Workspace
- Deploy the Microsoft Sentinel CMMC 2.0 Solution
- Microsoft Sentinel > Content Hub > Select "CMMC 2.0 Solution" > Configure deployment options > Create
- Review the CMMC 2.0 Workbook
- Microsoft Sentinel > Workbooks > Select "CMMC 2.0"
- Review/Enable CMMC 2.0 Analytics Rules
- Microsoft Sentinel > Analytics > Search "CMMC 2.0"
- Review Playbook Automations
- Microsoft Sentinel > Automation > Active playbooks > Search "Notify-GovernanceComplianceTeam", "Open_DevOpsTask", and "Open-JIRA-Ticket" > Enable
- Create Automation Rule
- Analytics > Search "CMMC 2.0" > Edit > Automated Response > Add new > Select Actions: Run Playbook > Select Notify-GovernanceComplianceTeam and configure automation options > Review > Save > Mirror configuration across all CMMC 2.0 analytics rules.
- Review the content and provide feedback through the survey
Frequently Asked Questions
- Are custom views and reports supported?
- Yes, via subscription, workspace, time, control family, and maturity level parameters. You can select everything, or only specific control families or maturity level reports as needed, and export via the print/save workbooks feature.
- Are additional products required?
- Microsoft Sentinel and Microsoft Defender for Cloud are required. Each control card is based on telemetry from multiple products and notes which product is leveraged and what type of telemetry drives the visualization. 25+ Microsoft security products provide enrichment to this solution.
- Are panels with no data bad?
- No, this provides a starting point for setting a plan of action for meeting CMMC 2.0 control requirements, including recommendations for addressing respective controls.
- Is Multi-Subscription, Multi-Cloud & Multi-Tenant supported?
- Yes, via Workbook Parameters, Azure Lighthouse, and Azure Arc
- Is 3rd Party integration supported?
- Yes, 3rd Party products are supported in Microsoft Sentinel Security Incidents and select Microsoft Defender for Cloud Recommendations
- Is this available in government regions?
- Yes, this content is deployable in all clouds
- What rights are required to use this content?
- Microsoft Sentinel Contributor can create and edit workbooks, analytics rules, and other Microsoft Sentinel resources. Microsoft Sentinel Reader can view data, incidents, workbooks, and other Microsoft Sentinel resources.
Learn More About CMMC 2.0 with Microsoft Security
Published Apr 26, 2022
Version 1.0
TJBanasik
Microsoft
Microsoft Sentinel Blog