Are you interested in maturing your security operations center capabilities? Do you need to align your cloud, multi-cloud, on-premises, and hybrid workloads for CMMC 2.0 compliance? We are pleased to announce the next evolution of the Microsoft Sentinel Cybersecurity Maturity Model Certification 2.0 Solution. This content features a redesigned user interface, new control card layouts, dozens of new visualizations, better-together integrations with Microsoft Defender for Cloud for assessments and alerting rules to actively monitor/alert on compliance posture deviations across each CMMC 2.0 control family.
Microsoft Sentinel: CMMC 2.0 Workbook
The Cybersecurity Maturity Model Certification (CMMC) 2.0 model consists of processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the Defense Industrial Base (DIB) and Department of Defense (DoD) stakeholders. The CMMC 2.0 model specifies three levels, from Level 1 (Foundational) to Level 3 (Advanced). See the CMMC 2.0 Model for more information.
This solution enables governance and compliance teams to design, build, monitor, and respond to CMMC 2.0 requirements across numerous 1st and 3rd party security offerings. The solution includes the new CMMC 2.0 Workbook, (2) Analytics Rules, and (3) Playbooks. While only Microsoft Sentinel is required to get started, the solution is enhanced with numerous Microsoft offerings, including, but not limited to:
CMMC 2.0 Workbook: Provides a mechanism for viewing log queries, Azure Resource Graph, metrics, and policies aligned to CMMC 2.0 controls, drawing on 25+ Microsoft products across Azure, Office 365, Windows, and many more. This workbook enables Compliance Professionals, Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness of the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective CMMC 2.0 requirements and practices.
CMMC 2.0 Analytics Rules: (2) new analytics rules aligned to actively monitor CMMC posture by Level 1 (Foundational) and Level 2 (Advanced) requirements. Thresholds are customizable for alerting compliance teams to changes in posture. For example, suppose your workload's Access Control family policy compliance posture falls below 70% in a week. In that case, an alert is generated detailing respective policy status (passing & failing), assets identified, last assessment time, and deep links to Microsoft Defender for Cloud for remediations.
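As an added illustration of the posture-drift logic described above (example query, not one of the solution's own analytics rules), the KQL below computes the Access Control family's policy compliance percentage over the past week and returns a row only when it falls below 70%. It assumes Defender for Cloud continuous export of regulatory compliance results into the SecurityRegulatoryCompliance table, and it assumes the standard name string, the 3.1.x control mapping, and the column names used here; treat them as assumptions to verify against your own workspace schema before using the query in a rule.

```kql
// Added example: CMMC 2.0 Access Control (AC) family policy-drift check.
// Assumptions (not from the solution): Defender for Cloud exports compliance
// results to SecurityRegulatoryCompliance; the NIST SP 800-171 standard is
// named "NIST-SP-800-171-R2"; columns ComplianceStandard, ComplianceControl,
// AssessmentId, Description, State and FailedResources exist as used below.
let lookback  = 7d;                     // assessment window from the example above
let threshold = 70;                     // alert when AC posture drops below 70 percent
let standard  = "NIST-SP-800-171-R2";   // assumption: standard name as exported
SecurityRegulatoryCompliance
| where TimeGenerated > ago(lookback)
| where ComplianceStandard == standard
// CMMC 2.0 Access Control cross-walks to the NIST SP 800-171 3.1.x requirements
| where ComplianceControl startswith "3.1."
// only definitive results count toward the percentage (Skipped/Unsupported are ignored)
| where State in ("Passed", "Failed")
// keep the latest result per control/assessment pair so re-runs are not double counted
| summarize arg_max(TimeGenerated, *) by ComplianceControl, AssessmentId
| summarize
    LastAssessmentTime = max(TimeGenerated),
    PassedCount        = countif(State == "Passed"),
    FailedCount        = countif(State == "Failed"),
    PassingAssessments = make_set_if(Description, State == "Passed"),
    FailingAssessments = make_set_if(Description, State == "Failed"),
    FailedResources    = sum(FailedResources)      // assumption: per-assessment resource count column
| extend Assessed = PassedCount + FailedCount
| where Assessed > 0
| extend CompliancePct = round(100.0 * PassedCount / Assessed, 1)
// fire only on drift below the threshold; an empty result means posture is healthy
| where CompliancePct < threshold
| extend ControlFamily = "AC - Access Control (CMMC 2.0 Level 1/2)"
| project ControlFamily, CompliancePct, PassedCount, FailedCount, FailedResources,
          LastAssessmentTime, PassingAssessments, FailingAssessments
```

Scheduling this as a Sentinel analytics rule with the same one-week lookback gives one alert per evaluation that carries the passing and failing assessment lists, the affected resource count, and the last assessment time; the deep link to the Defender for Cloud recommendation would be added from the assessment's resource ID in the alert's custom details.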
Notify_GovernanceComplianceTeam provides the capability to automatically monitor CMMC 2.0 policy drift and notify the Governance Compliance team with the relevant details in both an email and a Microsoft Teams message.
Open_DevOpsTask is designed to create an Azure DevOps Task when an alert is triggered. This automation enables a consistent response when resources become unhealthy relative to a predefined recommendation, enabling teams to focus on remediation and improving response times.
Open-JIRA-Ticket opens a JIRA issue when a recommendation is unhealthy in Microsoft Defender for Cloud. This automation improves time to response by providing consistent notifications when resources become unhealthy relative to a predefined recommendation.
Build/design workloads within CMMC 2.0 requirements
Customizable reporting for subscription, workspace, time, control family, and level requirements
Document Assessments via implementation, implementation dates, and notes
Redesigned Control Cards, Coverage across 16 Control Families, and Level 1-2 Requirements.
Fully customizable panels for 3rd party product integration
Deep links integration for seamless pivots between security products
Compliance cross-walks to NIST SP 800-171 and NIST SP 800-53 guidance, and controls aligned to Microsoft references
Query/Alert generation with (2) new analytics rules
150+ visualizations, recommendations, and queries across logs, Azure Resource Graph, policy, metrics, and APIs
Single-click report exports via Print Workbooks feature
Integration with Microsoft Defender for Cloud: NIST SP 800-171 Regulatory Compliance Assessment
Security Governance, Risk, Compliance Professionals: Compliance posture assessment and reporting
Engineers/Architects: Design and Build CMMC 2.0 aligned workloads
SecOps: Alert/Automation building
Managed Security Service Providers: Consulting services
This content is designed to provide the foundation for designing, building, and monitoring workload compliance within CMMC 2.0 directives. Below are the steps to onboard required dependencies, enable connectors, review content, and provide feedback.
Microsoft Sentinel > Workbooks > Select "CMMC 2.0"
Review/Enable CMMC 2.0 Analytics Rules
Microsoft Sentinel > Analytics > Search "CMMC 2.0"
Review Playbook Automations
Microsoft Sentinel > Automation > Active playbooks > Search "Notify-GovernanceComplianceTeam", "Open_DevOpsTask", and "Open-JIRA-Ticket" > Enable
Create Automation Rule
Analytics > Search "CMMC 2.0" > Edit > Automated Response > Add new > Select Actions: Run Playbook > Select Notify-GovernanceComplianceTeam and configure automation options > Review > Save > Mirror configuration across all CMMC 2.0 analytics rules.
Review the content and provide feedback through the survey
Frequently Asked Questions
Are custom views and reports supported?
Yes, via the subscription, workspace, time, control family, and maturity level parameters. You can select everything, or specific control families and maturity level reports as needed, and export via the print/save workbooks feature.
Are additional products required?
Microsoft Sentinel and Microsoft Defender for Cloud are required. Each control card is based on telemetry from multiple products and shows which product is leveraged and what type of telemetry drives the visualization. 25+ Microsoft security products provide enrichment to this solution.
Are panels with no data bad?
No. A panel with no data provides a starting point for setting a plan of action for meeting CMMC 2.0 control requirements, including recommendations for addressing the respective controls.
Is Multi-Subscription, Multi-Cloud & Multi-Tenant supported?