033c10aec3
|
||
|---|---|---|
| .. | ||
| Analytic Rules | ||
| Data | ||
| Package | ||
| Playbooks | ||
| Workbooks | ||
| ReleaseNotes.md | ||
| SolutionMetadata.json | ||
| readme.md | ||
readme.md
Overview
Welcome to the Microsoft Sentinel: Cybersecurity Maturity Model Certification (CMMC) 2.0 Solution. This solution enables Compliance Teams, Architects, SecOps Analysts, and Consultants to gain situational awareness for cloud workload security posture. This solution is designed to augment staffing through automation, visibility, assessment, monitoring and remediation. This solution includes (1) Workbook for build/design/assessment/reporting, (2) Analytics rules for monitoring and (3) Playbooks for response/remediation. CMMC 2.0 model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the Defense Industrial Base (DIB) and Department of Defense (DoD stakeholders. "CMMC 2.0 is the next iteration of the Department's CMMC cybersecurity model. It streamlines requirements to three levels of cybersecurity - Foundational, Advanced and Expert - and aligns the requirements at each level with well-known and widely accepted NIST cybersecurity standards." For more information, see💡CMMC 2.0
Try on Portal
You can deploy the solution by clicking on the buttons below:
2.0/Workbooks/Images/CybersecurityMaturityModelCertification(CMMC)Black1.png?raw=true)
Recommended Microsoft Sentinel Roles / Recommended Microsoft Defender for Cloud Roles
| Roles | Rights |
|---|---|
| Security Reader | View Workbooks, Analytics, Hunting, Security Recommendations |
| Security Contributor | Deploy/Modify Workbooks, Analytics, Hunting Queries, Apply Security Recommendations |
| Owner | Assign Regulatory Compliance Initiatives |
Prerequisites
This solution is designed to augment staffing through automation, query/alerting generation, and visualizations. This solution leverages Azure Policy, Azure Resource Graph, and Azure Log Analytics to align with Cybersecurity Maturity Model Certification 2.0 control requirements. A filter set is available for custom reporting by guides, subscriptions, workspaces, time-filtering, control family, and maturity level. This offering telemetry from 25+ Microsoft Security products, while only Microsoft Sentinel/Microsoft Defender for Cloud are required to get started, each offering provides additional enrichment for aligning with control requirements. Each CMMC 2.0 control includes a Control Card detailing an overview of requirements, primary/secondary controls, deep-links to referenced product pages/portals, recommendations, implementation guides, compliance cross-walks and tooling telemetry for building situational awareness of cloud workloads. The workbook contains 200+ visualizations for situational awareness of workload posture. Select both a Level and Control Family in the main selector to start navigating the workbook.
1️⃣ Access Microsoft 365 Compliance Manager: Assessments
2️⃣ Planning: Review Microsoft Product Placemat for CMMC 2.0
3️⃣ Onboard Microsoft Sentinel
4️⃣ Onboard Microsoft Defender for Cloud
5️⃣ Add the Microsoft Defender for Cloud: NIST SP 800 171 R2 Assessment to Your Dashboard
6️⃣ Continuously Export Security Center Data to Log Analytics Workspace
7️⃣ Extend Microsoft Sentinel Across Workspaces and Tenants
8️⃣ Review Microsoft Service Trust Portal
Workbook
The Microsoft Sentinel CMMC 2.0 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to CMMC controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective CMMC 2.0 requirements and practices.
Analytics Rules
The Microsoft Sentinel: CMMC 2.0 Analytics rules leverage Microsoft Defender for Cloud Regulatory Compliance mappings (Derived from NIST SP 800-171) to measure CMMC 2.0 alignment across Level 1 (Foundation) and Level 2 (Advanced) requirements. The default configuration is set for scheduled rules running every 7 days to reduce alert overload. The default configuration is to alert when posture compliance is below 70% and this number is configurable per organizational requirements.
Playbooks
1) Notify_GovernanceComplianceTeam
This Security Orchestration, Automation, & Response (SOAR) capability is designed for configuration with the solution's analytics rules. When analytics rules trigger this automation notifies the governance compliance team of respective details via Teams chat and exchange email. this automation reduces requirements to manually monitor the workbook or analytics rules while increasing response times.
2) Open_DevOpsTask
This Security Orchestration, Automation, & Response (SOAR) capability is designed to create an Azure DevOps Task when an alert is triggered. This automation enables a consistent response when resources become unhealthy relative to a predefined recommendation, enabling teams to focus on remediation and improving response times.
3) Open-JIRA-Ticket
This Security Orchestration, Automation, & Response (SOAR) capability is designed to open a JIRA issue when a recommendation is unhealthy in Microsoft Defender for Cloud. This automation improves time to response by providing consistent notifications when resources become unhealthy relative to a predefined recommendation.
Print/Export Report
1️⃣ Set Background Theme: Settings > Appearance > Theme: Azure > Apply
2️⃣ Print/Export Report: More Content Actions (...) > Print Content
3️⃣ Settings: Layout (Landscape), Pages (All), Print (One Sided), Scale (60), Pages Per Sheet (1), Quality (1,200 DPI), Margins (None) > Print
4️⃣ Executive Summary: Microsoft Defender for Cloud > Regulatory Compliance > Download Report > Report Standard (NIST SP 800 171 R2), Format (PDF)
Feedback
Please take time to answer a quick survey, click here.
Disclaimer
The Microsoft Sentinel CMMC 2.0 Solution demonstrates best practice guidance, but Microsoft does not guarantee nor imply compliance. The workbook outlines controls across Levels 1-2. All accreditation requirements and decisions are governed by the 💡CMMC Accreditation Body. This solution provides visibility and situational awareness for control requirements delivered with Microsoft technologies in predominantly cloud-based environments. Customer experience will vary by user and some panels may require additional configurations and query modification for operation. Recommendations should be considered a starting point for planning full or partial coverage of respective control requirements.