CMMC with Microsoft Azure

About KLC Consulting:  Image of Kyle Lai, President and CISO.  Kyle holds CISSP, CSSLP, CISA, CDPSE, CIPP/US, CIPP/G, ISO 27001 Lead Auditor certifications.  KLC Consulting provides flexible and affordable CMMC compliance solutions.

Kyle Lai
President and CISO
KLC Consulting, Inc.
CISSP, CSSLP, CISA, CDPSE, CIPP/US, CIPP/G, ISO 27001 Lead Auditor

CMMC with Microsoft Azure discussion points:

I still receive questions about which versions of (Microsoft) Azure support CMMC, NIST 800-171, and DFARS 252.204-7012:

  • Is Azure Commercial sufficient for FCI and CUI?
  • Will we need Azure Commercial or GCC for CUI?
  • Do we need Azure GCC High for CUI?

In short – it depends:

Federal Contract Information (FCI):  Requires CMMC Level 1Azure Commercial meets compliance requirements.
Controlled Unclassified Information (CUI) without ITAR or Export Controlled Information: 
Requires CMMC Level 2 or 3 – Azure GCC meets compliance requirements.
CUI with ITAR or Export Controlled information: 
Requires CMMC Level 2 or 3 and compels Azure GCC High because of U.S. Sovereignty and U.S. person operations support requirements.

Microsoft Azure for CMMC: Versions and their compliance levels chart
Source: Microsoft Azure Website

Detailed Versions comparison information is available directly from the Azure site

latest CMMC video

IDor Vulnerabilities in Web APIs video

Free advice and useful resources

KLC Consulting CMMC YouTube.  CMMC with Microsoft Azure
KLC Consulting CMMC LInkedIn.  CMMC with Microsoft Azure

Check out our YouTube channel and LinkedIn pages for the latest information
and educational resources for Cybersecurity Maturity Model Certification.

Let’s Talk About Your CMMC Compliance Needs!


We meet you where you’re at and bring you to ‘CMMC Assessment Ready’
with as much or as little help as you need

This field is for validation purposes and should be left unchanged.