Deploying CMMC-Compliant Microsoft Cloud Services to DoD Contractor

This broad-based professional services firm provides world-class support to US government and corporate clients. When they came to Centre, they needed to update their IT infrastructure to meet the new requirement for Department of Defense (DoD) contractors — the Cybersecurity Maturity Model Certification (CMMC).

CHALLENGE

Aging IT Infrastructure and Evolving Compliance Standards

This professional service firm contained an IT environment that had not been updated in approximately ten years. They were aware of the benefits of cloud migration and knew it would be the best next step for them, considering that their users were suffering from years of misaligned technology and reactive strategies. With an on-premise system, the team was drowning in operational needs while spending on IT maintenance.

In addition, the Department of Defense (DoD) announced a major cybersecurity mandate for defense contractors and subcontractors called the Cybersecurity Maturity Model Certification (CMMC). The CMMC program is based on NIST standards and comprised of three different levels.

The CMMC requires third-party assessors to validate an organization’s compliance with dozens of cybersecurity best practices to gauge whether organizations can properly protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

Companies within the Defense Industrial Base (DIB) that fail to achieve CMMC at the appropriate level won't be allowed to bid on Department of Defense (DoD) contracts. Initial deadlines specified that all IT-related DoD contracts would include CMMC requirements by the end of 2025. Knowing this, the company resolved to get in front of the competition and achieve CMMC as quickly as possible.

An additional objective was to truly secure the company’s systems and data from ever-evolving cybersecurity threats. To achieve these objectives, they knew to find a partner with the right cloud migration strategy. A partner that could enhance speed, scalability, and reliability while simplifying and standardizing their IT infrastructure. After months of research and evaluating many service providers, this company chose to partner with Centre Technologies.

SOLUTION AND RESULTS

Cloud Migration Aiding in CMMC Compliance

This DoD contractor looked at a few different companies but decided on Centre Technologies due to its methodical IT strategy presented in straightforward technical documentation and secure by default cloud deployments.

Centre executed a three-pronged approach using Microsoft 365, Microsoft Azure, and Microsoft Intune. The combination of the three would result in bringing the business closer to CMMC compliance. Implementing these Microsoft cloud solutions would also enhance speed, provide scalability, and streamline business processes. Because Microsoft's cloud services are CMMC friendly, Centre could perform seamless, easy to manage migrations that would stay relevant when CMMC Compliance is a requirement.

To stay ahead of compliance gaps, Centre CMMC-AB Registered Practitioners (CMMC-AB RP) assisted in deploying Microsoft 365 Compliance Manager along with assessment templates. As the DoD contractor's chosen CMMC-AB RPO, Centre also helped with adding required evidence for Microsoft Intune, including configuration screenshots and implementation dates for each Intune control configuration.

“Thanks to Centre's team of CMMC specialists, we passed our annual ISO 9001:2015 evaluation with flying colors... Not a single non-conformance or observation noted by the auditor." 

Director of IT Services
Provider of Professional Services for Government Entities

Additionally, Centre delivered a streamlined checklist outlining the remaining CMMC improvement actions for controls to further ensure success on their path to CMMC compliance.

LOOKING Forward

Achieving CMMC Compliance

Because this business is already putting in the work to achieve CMMC compliance before it is federally mandated, they are now on the path to becoming a recommended business by the DoD as opposed to waiting until the requirement is finalized and scrambling to achieve compliance, like other businesses. 

Not only have they passed rigorous pre-assessments thus far, but they are equipped to pass the final assessment when that time comes. For now, they are taking advantage of the new speed, reliability, and standardization of their IT environment that's improving their day-to-day operations.