President and CISO
KLC Consulting, Inc.
CISSP, CSSLP, CISA, CDPSE, CIPP/US, CIPP/G, ISO 27001 Lead Auditor
CMMC with Microsoft Azure discussion points:
I still receive questions about which versions of (Microsoft) Azure support CMMC, NIST 800-171, and DFARS 252.204-7012:
- Is Azure Commercial sufficient for FCI and CUI?
- Will we need Azure Commercial or GCC for CUI?
- Do we need Azure GCC High for CUI?
In short – it depends:
Federal Contract Information (FCI): Requires CMMC Level 1 – Azure Commercial meets compliance requirements.
Controlled Unclassified Information (CUI) without ITAR or Export Controlled Information: Requires CMMC Level 2 or 3 – Azure GCC meets compliance requirements.
CUI with ITAR or Export Controlled information: Requires CMMC Level 2 or 3 and compels Azure GCC High because of U.S. Sovereignty and U.S. person operations support requirements.
Let’s Talk About Your CMMC Compliance Needs!
We meet you where you’re at and bring you to ‘CMMC Assessment Ready’
with as much or as little help as you need
"*" indicates required fields