Third Quarter 2020 CMMC and Microsoft Government Cloud Updates

    It is often an uneasy task to identify all of the updates and changes to CMMC and the Office 365 Government Community Cloud High (GCC High) platform, much less validate them. This blog and video below is intended to keep the community of GCC High and Azure Government users up to date on the latest updates and happenings throughout the industry. This information will not be exhaustive of every update or change, but should address the most noteworthy. 

    One last note: Certain features or products are in public preview. It is our firm recommendation that you do not roll out or migrate to any new product before it is generally available. If a feature is in preview, the fine print basically states that it is unsupported by MS. Therefore, you are in treacherous waters in the event that something breaks or malfunctions. 



    If You Prefer, Watch the Video Above /Subscribe to the YouTube Channel for Updates


    New Acronyms and Open Applications

    The CMMC-AB came out with a significant update this Quarter and provided details on six of the ten defined roles in the CMMC ecosystem. The application process is now open for five of these roles on the CMMC-AB website. The Organization Seeking Certification (OSC), or Government Contractor, does not receive its assessment from the AB directly. 

    Numbers to Consider

    • The updated AB content states that a CMMC Certification is valid for three years regardless of Level
    • OSC's should start the process of certification six months from their expected contractual need
    • OSC's will have 90 days to remedy any findings from the initial assessment
    • A Level 3 Audit could cost $20K+ based upon pure costs incurred by the Certified Third-Party Assessor Organizations (C3PAO) and CMMC-AB Certified Assessors (CCA). See the video above for the breakdown at 17:00.

    New Timeline

    Though the global pandemic has impacted some of the collaboration and approval processes among DoD, the Federal Government, the AB, and industry, CMMC continues to be relatively on schedule. Below is an updated look straddling 2020 and the first two Quarters of 2021.

    CMMC 2020-2021 Timeline

    Some other interesting CMMC news released recently is the open job requisition for the CISO position with the Office of the Undersecretary of Defense (OUSD). This position, if identical in duties and responsibilities, aligns to Katie Arrington's current role. Additionally, the US Senate Armed Services Committee is initiating a study into CMMC's implementation across all involved parties. These two points could indicate a level of uncertainty in D.C. around CMMC, but all other signs continue to point towards solidification of the new framework. Case in point, the new GSA STARS III contract vehicle makes a direct reference to CMMC in its solicitation documents.

    “While CMMC is currently a DoD requirement, it may also have utility as a baseline for civilian acquisitions; so it is vital that contractors wishing to do business on 8(a) STARS III monitor, prepare for and participate in acquiring CMMC certification”


    Microsoft GCC High Licensing:
    Some additional SKUs have hit the street this quarter and can assist organizations with cutting costs depending upon their userbase and technical requirements. 

    • Microsoft 365 F3 ('F' stands for frontline)
    • Data Loss Prevention as a standalone license

    Additionally, some license types experienced a change or revamped structure.

    • PowerApps is now broken out into Per User plans and Per App
    • Office 365 E3 can be upgraded to an E5 mid-term in your annual license agreement via a 'step up' license
    • Microsoft Flow is changed to Power Automate

    New Features

    Microsoft continues to invest heavily in Microsoft 365 GCC High and Azure Government to support the Defense Industrial Base (DIB). There are several updates over the last 60 days.

    • File size upload limit raised to 100GB for SharePoint, OneDrive, Teams, etc.
    • Teams Private Channels
    • Phone System and Audio Conferencing is now configurable
    • Enhanced reporting for Teams, OneDrive, Exchange, and SharePoint added for E5 customers
    • Windows Virtual Desktop is in Private Preview for Azure Government

    More exciting features and capabilities are coming in Q4 2020 and the beginning of 2021.

    • AIP and all Microsoft labeling tools rolling into a single product - Unified Labeling - across Windows, Microsoft 365, and Azure. The Microsoft Advanced Threat Protection tools are now part of the Microsoft Defender suite. Learn more here.
    • B2B External Sharing from GCC High tenant to another GCC High tenant
    • Microsoft Defender for Office 365 external email forwarding controls and customized quarantine notifications.
    • Increased Teams streams during meetings and audio-conferencing  

    These updates and more are discussed in full within the recording above. 


    Subscribe Here!

    Recent Posts

    Posts by Topic

    see all