Send a message
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
While it’s certainly possible for your current MSP to manage your IT in a way that enables CMMC Level 2 compliance, the toolset and knowledge required is highly specialized and your average MSP may not be up to the task.
With the Level 1 Cybersecurity Maturity Model Certification (CMMC) becoming required on Department of Defense (DoD) Contracts containing Federal Contract Information (FCI) sometime between late October 2025 and February 2026, it is important for those companies working with the DoD to establish their current cybersecurity maturity and standing against the new requirements.
Choosing to build an enclave can significantly reduce costs and effort by isolating compliance to just the systems and personnel who handle Controlled Unclassified Information (CUI). On the other hand, taking an enterprise approach—where your entire environment is brought into compliance—can streamline operations if DoD work is central to your business, while also elevating cybersecurity maturity across the organization.
Can I use Microsoft 365 Commercial to achieve CMMC Level 2 compliance? The short answer is no, but let’s break down why and explore your options for staying compliant while using Microsoft 365.
Scoping is the cornerstone of the CMMC journey. DIB contractors should pay special attention to properly defining assessment scope and ensure compliance with CMMC requirements to avoid costly missteps. In this post, we break down the five CMMC asset categories—CUI Assets, Contractor Risk Managed Assets (CRMA), Security Protection Assets (SPA), Specialized Assets (SA), and Out-of-Scope Assets—to help you streamline your scoping process and ace your CMMC Level 2 assessment.