Configure Microsoft Entra ID for CMMC compliance
Microsoft Entra ID helps you meet identity-related practice requirements in each Cybersecurity Maturity Model Certification (CMMC) level. To be compliant with requirements in CMMC, it's the responsibility of companies performing work with, and on behalf of, the US Dept. of Defense (DoD) to complete other configurations or processes.
In CMMC Level 1, there are three domains that have one or more practices related to identity:
- Access Control (AC)
- Identification and Authentication (IA)
- System and Information integrity (SI)
In CMMC Level 2, there are 13 domains that have one or more practices related to identity:
- Access Control
- Audit & Accountability
- Configuration Management
- Identification & Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- System and Communications Protection
- System and Information Integrity
The remaining articles in this series provide guidance and links to resources, organized by level and domain. For each domain, there's a table with the relevant controls listed, and links to guidance to accomplish the practice.
Learn more:
- DoD CMMC website - Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification
- Microsoft Download Center - Microsoft Product Placemat for CMMC 2.0 (preview)
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for