Leveraging Microsoft Office 365 to Comply with NIST 800-171 & CMMC

Corserva blog

Depending on the customers you serve and the industry in which you operate, there may be mandates with which you must comply regarding the security of data.

Example Mandates Dictating Security Controls

For example:

Prime contractors — The NIST 800-53 mandate describes security controls that must be in place for any US federal information system. Companies doing business directly with the government, such as DoD contractors, must follow this mandate.

Subcontractors — NIST 800-171 and CMMC dictate that any company providing equipment or services to suppliers that serve the government (including subcontractors) must comply with NIST 800-171 or CMMC (depending on the contract) to protect unclassified information. Learn more in "What is CMMC compliance?" and "The Definitive Guide to Compliance with the NIST 800-171 Mandate & CMMC."

 

Healthcare organizations — The HIPAA law requires that patient health information be encrypted, and that healthcare organizations take steps to prevent security breaches.

Other — Other industries have regulations for personally identifiable information (PII), social security numbers, credit card information, and other sensitive data.

 

By using the Data Loss Prevention (DLP) feature of Office 365, you can identify, monitor, and automatically protect sensitive information across Office 365.

 

Office 365 Data Loss Prevention (DLP) Feature

As shown on this pricing sheet listing features of the various Microsoft Office 365 packages, Enterprise versions of the platform include an "Information Protection" feature (including Rights Management and Data Loss Prevention for email messages). By leveraging the Microsoft DLP feature, you can make significant progress down the path to meeting your compliance goals.

The DLP feature of Office 365 enables you to:

  • Identify stored documents that contain credit card numbers
  • Prevent your users from accidentally sharing confidential information with those outside the company
  • Help users stay compliant without interrupting their workflow

 

The Advantages of DLP

Unlike a simple text scan, the DLP feature leverages deep content analysis to perform keyword matches, dictionary matches, the evaluation of regular expressions, internal functions, and other methods to detect content that matches your DLP policies.
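
An added illustration (not from the original post, and not Microsoft's implementation) of why the layered matching described above beats a simple text scan for the credit card case: a regular expression finds candidates, a Luhn checksum stands in for an "internal function", and a small keyword list supplies corroborating evidence. The keyword list, context window, and sample documents are assumptions constructed for the example.

```python
import re

# Candidate pattern: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Small constructed keyword dictionary used as corroborating evidence.
KEYWORDS = re.compile(r"\b(visa|mastercard|amex|card|cvv|expir\w*)\b", re.I)
WINDOW = 100  # characters of context examined on each side of a candidate


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def pattern_only(text):
    """The 'simple text scan': every digit run that looks like a card number."""
    return [m.group() for m in CANDIDATE.finditer(text)]


def scan(text):
    """Pattern + checksum + nearby keywords; returns masked findings."""
    findings = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue  # right shape, wrong checksum: order or tracking number
        context = text[max(0, m.start() - WINDOW):m.end() + WINDOW]
        confidence = "high" if KEYWORDS.search(context) else "low"
        # Never store or log the full number; keep the last four digits only.
        masked = "*" * (len(digits) - 4) + digits[-4:]
        findings.append({"masked": masked, "confidence": confidence})
    return findings


# Constructed sample documents. The card-like values are public test numbers.
DOCS = {
    "invoice": "Please charge my Visa card 4111 1111 1111 1111, expires 09/27.",
    "shipping": "Order number 1234 5678 9012 3456 was dispatched today.",
    "export": "Row 17, column C: 4012888888881881",
}

if __name__ == "__main__":
    for name, body in DOCS.items():
        print(name, len(pattern_only(body)), scan(body))
```

The pattern-only scan flags all three documents; the layered scan drops the order number and separates the keyword-backed match from the bare one, which is the kind of distinction a policy can use to decide between blocking and merely notifying.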

The solution is less intrusive than others: because it protects only the information considered sensitive, fewer people are affected.

The DLP feature protects content in:

  • Exchange Online
  • OneDrive for Business sites
  • SharePoint Online sites
  • Office 2016 desktop programs (Excel 2016, PowerPoint 2016, and Word 2016)

 

Getting Started with DLP

If you are interested in learning more about the DLP feature in Microsoft Office 365 and other native features you can leverage, Corserva can help.

We can migrate your organization to Office 365 (if you're not already there) and manage your installation as part of a managed services plan.

We also offer advanced email security service plans that leverage machine learning techniques to protect your users from the most sophisticated phishing and malware attacks. Contact us to learn more.

Corserva is a CMMC-AB Registered Provider Organization™ (RPO) and we are listed on the CMMC-AB Marketplace.

As an RPO, Corserva is authorized by the CMMC Accreditation Body to provide pre-assessment consulting services to government contractors and other Organizations Seeking Certification (OSC).

 

Post Date: February 7, 2018 // 9:41 AM

Author:

Sean McCloat, CISSP

Sean is responsible for Corserva’s network and security operations centers, field services, sales engineering, data center operations, and professional services. He has an intense focus on delivering exceptional customer service across a wide array of client engagements. With 25+ years of national and global experience in the IT industry, Sean has real world experience at the corporate and enterprise levels of healthcare, advertising, and logistics organizations.
