Defense contractors that make up the Defense Industrial Base (DIB) have a contractual requirement around DFARS 252.204-7012 that is built around NIST 800-171 and other controls. These additional controls, as well as those that require data sovereignty (i.e. ITAR) are met with a special version of Office 365 known as Government Community Cloud (GCC) High. This is the only version of Office 365 that meets these flow-down requirements.
Building upon the DFARS requirements, as well as FAR 52.204-21, the new released Cybersecurity Maturity Model Certification (CMMC) will add additional requirements as well as a third-party accreditation requirement to the existing standards. While backing up data has always been a recommended best practice, the earlier rules never explicitly required it. CMMC adds the requirement to back up all data for Level 2 and higher compliance. This includes Office 365 GCC High.
The new service is expected to meet the needs of CMMC practices around data backup for Office 365 GCC High. It includes multiple options for storage as well as retention, as well as many features you would expect in an enterprise class solution.
If your company is part of the Defense Industrial Base, or if you plan to contract with the Department of Defense, you will be required to back-up your data within your GCC High Environment.
C3 Integrated Solutions is dedicated to securing our nation’s military infrastructure by protecting the cyber resources of the Defense Industrial Base. To learn more about how these services can help your organization, contact us today at info@c3isit.com.
