Why would I use the CMMC vs NIST? Trying to pick a standard to align to seems like a difficult issue to resolve. My understanding would be align to a standard and then map to any other regulation. But then which standard do I chosse?
Because they're the government and they said so. :) Joking aside, CMMC is (for the time being) almost strictly for DOD. The Federal Government threw us a curve ball earlier this year by including CMMC language in the STARS III contract, which governs the acquisition of IT and Tech services from 8a organizations (Minority / Veteran / Women owned, Economic Impact Area, etc). If you aren't a DOD contractor, CMMC will probably not apply to you. In unregulated industries, the NIST CSF (Cybersecurity Framework) is probably the best to align to, with some extra attention paid to their Zero Trust guidance they issued earlier this year if you have a large cloud /mobility footprint.
Did Microsoft pull the premium templates from the Contoso demo environments? I just created a tenant, and I can't see any of the premium templates, nor can I add custom templates. Boo! Nice video. Thanks!
I just checked one of my existing tenants and they are all still there. I'd suggest trying the Microsoft 365 Compliance CIE. I can't imagine them hamstringing compliance features in those tenants.
Coming back to this now that the premium templates are now paid, and you can buy them from the licensing center. In my demo environments, I am able to have 1 (or m ore) out of 0 paid premium templates enabled, so it appears you can still use them in Demo Environments with a little bit of weirdness. Not sure how long that will last though. If you haven't I suggest going through one of Microsoft's CIE bootcamps, not only are they informative, you will also become part of the CIE community where they cover these types of topics. Worth the 8-10 hours of effort.
Why would I use the CMMC vs NIST? Trying to pick a standard to align to seems like a difficult issue to resolve. My understanding would be align to a standard and then map to any other regulation. But then which standard do I chosse?
Because they're the government and they said so. :)
Joking aside, CMMC is (for the time being) almost strictly for DOD. The Federal Government threw us a curve ball earlier this year by including CMMC language in the STARS III contract, which governs the acquisition of IT and Tech services from 8a organizations (Minority / Veteran / Women owned, Economic Impact Area, etc). If you aren't a DOD contractor, CMMC will probably not apply to you.
In unregulated industries, the NIST CSF (Cybersecurity Framework) is probably the best to align to, with some extra attention paid to their Zero Trust guidance they issued earlier this year if you have a large cloud /mobility footprint.
Did Microsoft pull the premium templates from the Contoso demo environments? I just created a tenant, and I can't see any of the premium templates, nor can I add custom templates. Boo! Nice video. Thanks!
I just checked one of my existing tenants and they are all still there. I'd suggest trying the Microsoft 365 Compliance CIE. I can't imagine them hamstringing compliance features in those tenants.
@@AgileITcom I dont see them either. :-( Can you send me a copy of the excel export templates? BTW, great demo!
Coming back to this now that the premium templates are now paid, and you can buy them from the licensing center. In my demo environments, I am able to have 1 (or m ore) out of 0 paid premium templates enabled, so it appears you can still use them in Demo Environments with a little bit of weirdness. Not sure how long that will last though. If you haven't I suggest going through one of Microsoft's CIE bootcamps, not only are they informative, you will also become part of the CIE community where they cover these types of topics. Worth the 8-10 hours of effort.
@@AgileITcom Thanks for following up on this. Much appreciated!