Forum Discussion
CMMC Control Mapping
Hi! Is there a map for NIST 800-53 or 800-171 or any of the CMMC levels available that I can use to show which controls my Microsoft 365 G5 usage maps to for compliance auditing?
TJBanasik
Microsoft
Microsoftchriskeeling We've published a CMMC with Microsoft Azure (10 Part Blog Series) which will be helpful for your CMMC control mapping requirements.
- Access Control Maturity
- Audit & Accountability Maturity
- Asset & Configuration Management Maturity
- Identification & Authentication Maturity
- Incident Response Maturity
- Maintenance & Media Protection Maturity
- Recovery & Risk Management Maturity
- Security Assessment & Situational Awareness Maturity
- System & Communications Protection Maturity
- System & Information Integrity Maturity
TJBanasik Thanks! This is very useful and the mapping is straightforward. I particularly appreciate that you have included the steps for how to assign the policies and controls through Azure. Can I do them from within Microsoft 365 G5 or can I only do them by logging into our Azure portal to perform all of these tasks (as you describe on the blog)?
- TJBanasikThis blog series was geared towards CMMC with Azure, so I'd recommend leveraging the Azure portal as a starting point.
