Initially, the application was crafted to adhere to CMMC Level 1 standards within the commercial Azure framework. As customer requirements evolved, there arose a need for a parallel deployment on Azure Gov, aligning with the stringent government mandates for handling Controlled Unclassified Information (CUI) and Controlled Technical Information (CTI) at CMMC Level 2.
The pivotal challenge was to ensure a swift and seamless migration while maintaining consistency across both Azure platforms. Our strategy was geared towards two primary objectives: fulfilling the product owner’s and business requirements in each environment, and managing two distinct versions of the application, each customized to meet the unique security and data requirements of its respective environment.
- Assessment and Planning: We began by crafting a comprehensive migration plan tailored to meet Azure Gov’s services and CMMC Level 2 requirements.
- Environment Setup in Azure Gov:
- Our initial step was to establish a secure and compliant environment within Azure Gov.
- The application was then adapted and deployed in this new setting to ensure it functioned optimally.
- A key focus was on ensuring smooth operations across both the commercial and government cloud platforms.
- Documentation at every stage was crucial to maintain consistency across the environments.
- Comprehensive testing and the adoption of consistent naming conventions were implemented to ensure clarity and precision.
- CMMC Compliance:
- Our team worked to document services and their compliance mappings for both CMMC Levels, achieving compliance and parity in both the commercial and government environments.
- A self-assessment was conducted to identify technical security control gaps, leading to the creation of a roadmap consisting of Plans of Actions and Milestones (POA&Ms) for meeting the remaining requirements of CMMC Level 2 and NIST 800-171.
- This approach effectively empowered the product owner to oversee a cohesive technical solution, enhancing security measures for governmental requisites and facilitating a streamlined progression towards CMMC Level 2 compliance in Azure Gov.
The successful migration to a government cloud environment is a testament to our balanced approach in upgrading security and ensuring compliance with CMMC Levels 1 and 2. We maintained operational consistency across both commercial and government platforms, implementing additional security measures tailored to stricter government requirements. Central to our approach was the clarification of security and compliance requirements across diverse government contexts, empowering the business to progress rapidly and with confidence, secure in the knowledge that they were fully compliant with all regulatory requirements.
For those interested in discovering how AIS can support CMMC-ready environments that align with your business goals in both private and public sectors, please feel free to contact us to learn more about our security and AI services.
For Microsoft customers utilizing more than 500 licenses on Azure or M365, eligibility for complimentary cybersecurity services through a Microsoft Security Partner may be available. As a certified Security Partner with Microsoft, AIS stands ready to provide these security services to qualifying organizations. These engagements are designed to assist security teams in assessing challenges, including risk assessment within Microsoft cloud environments and the implementation of advanced security controls and services.Fill out this brief funding formto start the process and see if you qualify.
- AIS CMMC Landing Zone Blog from Steve Walter: https://www.linkedin.com/posts/appliedis_cmmc-compliant-azure-landing-zone-activity-7116089749215318016-Zthf/
- How to Access Free Microsoft Security Professional Services: https://www.ais.com/how-to-access-free-microsoft-security-professional-services/
Seeking similar outcomes?
Learn how AIS can help you implement technology solutions that deliver real business results.Contact Us to Get Started