Deploying CMMC-Compliant Microsoft Cloud Services to DoD Contractor

This broad-based professional services firm provides world-class support to US government and corporate clients. When they came to Centre, they needed to update their IT infrastructure to meet the new requirement for Department of Defense (DoD) contractors — the Cybersecurity Maturity Model Certification (CMMC).


Aging IT Infrastructure and Evolving Compliance Standards

This professional service firm contained an IT environment that had not been updated in approximately ten years. They were aware of the benefits of cloud migration and knew it would be the best next step for them, considering that their users were suffering from years of misaligned technology and reactive strategies. With an on-premise system, the team was drowning in operational needs while spending on IT maintenance.

In addition, the Department of Defense (DoD) announced a major cybersecurity mandate for defense contractors and subcontractors called the Cybersecurity Maturity Model Certification (CMMC). The CMMC program is based on NIST standards and comprised of three different levels.

The CMMC requires third-party assessors to validate an organization’s compliance with dozens of cybersecurity best practices to gauge whether organizations can properly protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

Companies within the Defense Industrial Base (DIB) that fail to achieve CMMC at the appropriate level won't be allowed to bid on Department of Defense (DoD) contracts. Initial deadlines specified that all IT-related DoD contracts would include CMMC requirements by the end of 2025. Knowing this, the company resolved to get in front of the competition and achieve CMMC as quickly as possible.

An additional objective was to truly secure the company’s systems and data from ever-evolving cybersecurity threats. To achieve these objectives, they knew to find a partner with the right cloud migration strategy. A partner that could enhance speed, scalability, and reliability while simplifying and standardizing their IT infrastructure. After months of research and evaluating many service providers, this company chose to partner with Centre Technologies.



Cloud Migration Aiding in CMMC Compliance

This DoD contractor looked at a few different companies but decided on Centre Technologies due to its methodical IT strategy presented in straightforward technical documentation and secure by default cloud deployments.

Centre executed a three-pronged approach using Microsoft 365, Microsoft Azure, and Microsoft Intune. The combination of the three would result in bringing the business closer to CMMC compliance. Implementing these Microsoft cloud solutions would also enhance speed, provide scalability, and streamline business processes. Because Microsoft's cloud services are CMMC friendly, Centre could perform seamless, easy to manage migrations that would stay relevant when CMMC Compliance is a requirement.

To stay ahead of compliance gaps, Centre CMMC-AB Registered Practitioners (CMMC-AB RP) assisted in deploying Microsoft 365 Compliance Manager along with assessment templates. As the DoD contractor's chosen CMMC-AB RPO, Centre also helped with adding required evidence for Microsoft Intune, including configuration screenshots and implementation dates for each Intune control configuration.


“Thanks to Centre's team of CMMC specialists, we passed our annual ISO 9001:2015 evaluation with flying colors... Not a single non-conformance or observation noted by the auditor.

Director of IT Services
Provider of Professional Services for Government Entities

Additionally, Centre delivered a streamlined checklist outlining the remaining CMMC improvement actions for controls to further ensure success on their path to CMMC compliance.



Achieving CMMC Compliance

Because this business is already putting in the work to achieve CMMC compliance before it is federally mandated, they are now on the path to becoming a recommended business by the DoD as opposed to waiting until the requirement is finalized and scrambling to achieve compliance, like other businesses. 

Not only have they passed rigorous pre-assessments thus far, but they are equipped to pass the final assessment when that time comes. For now, they are taking advantage of the new speed, reliability, and standardization of their IT environment that's improving their day-to-day operations.  


About Centre CMMC Compliance Support Services
As a CMMC-AB Registered Provider Organization (RPO), Centre Technologies guides government entities and subcontractors for the Department of Defense (DoD) through the Cybersecurity Maturity Model Certification (CMMC) path and certification process. 

About Microsoft 365 Compliance Manager
This feature within Microsoft 365 Compliance Center helps organizations manage compliance requirements with greater ease and convenience by delivering a risk-based compliance score in addition to tools for tracking progress in completing improvement actions.

Originally published on October 21, 2021

Be a thought leader and share:

Subscribe to Our Blog

About the Author

Centre Technologies Centre Technologies

Centre Technologies is a full-service IT consulting and managed services provider headquartered in Texas, with a focus on mid-sized businesses. As a trusted IT partner for well over a decade, Centre is recognized for its local experience and enterprise-grade cloud and cybersecurity solutions. Centre is committed to helping organizations harness the power of technology to maximize their operational efficiency and exceed their business goals. Learn more about Centre Technologies »

Follow on LinkedIn »