Peeling Back the Onion: Microsoft Security for Government Contractors

    After several conversations with government contractors of varying sizes (from a 25-person company to a 1,000-person company) and with differing customer portfolios and data types (CUI, CDI, ITAR), I continue to group the security best practices and corresponding technologies into four distinct but overlapping layers.

    Sure, you can create a complex web of all of these and get into the interconnectivity of it all, but most of our conversations involve CSOs, COOs, CTOs, CEOs and other department leads who are simply not interested. Complexity doesn't always translate to compliance. Moreover, many leaders want to better understand how their Microsoft security investments translate into ROI and risk management.

    Here is a four-part conversation that hits on each layer.


     Part 1: Identity Management



    The NIST 800-171 controls that apply to MFA, for reference:


    Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.



    Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.


    Part 2: Tenant Security


    Part 3: Endpoint Security (or Container Security)


    Part 4: Governance

