Skip to content

DFARS 7012 Compliant and CMMC 2.0 Ready Backup

If your information systems are secure and compliant, your backups should be too.

Many organizations make a wise business risk decision to backup and/or archive critical information systems. This decision is now more complicated for Aerospace and Defense companies required to meet DFARS 7012, not including the potential security audits coming through Cybersecurity Maturity Model 2.0 Certification (CMMC 2.0). These information systems likely house Controlled Unclassified Information (CUI), and if they do, they are required to meet the MP.L2-3.8.9 control. This simply states that you must protect the confidentiality of the backup CUI at storage locations.

With this in mind, it is critical to configure your backup environment to NIST 800-171/CMMC 2.0 Level 2 and meet the external cloud provider requirements of DFARS 7012. One proper path is through a compliant Backup Solution in Azure Government. Below is a high-level overview of this solution along with some example activities in the project.

checkmark_redAzure Baseline Configuration - i.e. Build storage accounts
checkmark_redSetup Conditional Access Policies - i.e. Establish suspect countries
checkmark_redSetup Azure Monitor and Reporting 
checkmark_redSetup Azure Recovery Vaults Services
checkmark_redAzure Network Implementation - i.e. Virtual network and subnets
checkmark_redAzure Site Recovery (Offsite DR Site)
checkmark_redEstablish least privilege using Azure RBAC


Azure frees you from upfront capital expenses and the time it takes to manage services locally. And that means you can focus on what’s important: running your business.

Safeguard your business with unmatched security management and threat protection for all backed-up applications and data, whether they’re on-premises or in the cloud. Plus, Azure has more security and certifications than any other cloud provider for DoD contractors.


2 Parade St NW
Huntsville, AL 35806


Obtain a Compliant Backup Solution

The Summit 7 Team recently filmed a webinar on CMMC Backup Requirements and Strategies. Watch the video below: