man and woman talking in an office hallway

Working with the Department of Defense? You’ll need to get certified.

Join us on July 25th at 11am PT to get started on your compliance journey, as Forrester presents The Total Economic Impact™ of Microsoft cloud solutions for CMMC Compliance

Cybersecurity Maturity Model Certification (CMMC)

What is CMMC?

The U.S. Department of Defense (DoD) is implementing the Cybersecurity Maturity Model Certification (CMMC) to verify the cybersecurity of its supply chain. The certification encompasses three maturity levels with progressively more demanding requirements on processes and practices.


Part of the DoD’s focus on the security and resiliency of the Defense Industrial Base (DIB) sector is working with industry to enhance the protection of sensitive information and intellectual property within the supply chain.

Who needs to be certified?

CMMC will impact all organizations that provide goods or services to the DoD. It is currently pending rulemaking completion (expected between late 2022 to late 2023). When fully implemented, CMMC will be a DoD contractual requirement and a condition for award.

Microsoft can help you get certified

Accelerate your CMMC accreditation process, no matter which level you need

shield blue icon

Strengthen your cybersecurity baseline

control blue icon

Control and protect sensitive data

Streamline compliance blue icon

Streamline compliance

Microsoft Cloud service offerings

Microsoft 365

Reimagine the way you work with an integrated solution including Teams, OneDrive cloud storage, and Office apps.

Microsoft Product Placemat for CMMC 2.0 Level 2

Microsoft 365 Roadmap

Microsoft 365 for Enterprise

Microsoft 365 deliver the power of cloud productivity to organizations of all sizes, helping save time, money, and free up valued resources. The Worldwide instance provides compliance with FedRAMP High for some services.

Learn more

Microsoft 365 GCC

Microsoft 365 Government (GCC) provides compliance with FedRAMP High, Defense Federal Acquisition Regulations Supplement (DFARS) and DISA Cloud Computing Security Requirement Guide (CC SRG) Impact Level 2.

Learn more

Microsoft 365 GCC High and DoD

Delivers compliance with FedRAMP High, Defense Federal Acquisition Regulations Supplement (DFARS), DISA Cloud Computing Security Requirement Guide (CC SRG) Impact Level 4, and International Traffic in Arms Regulations (ITAR).

Learn more

Microsoft Azure

Achieve your goals with the freedom and flexibility to build, manage, and deploy your applications anywhere.

CMMC Level 3 Regulatory Compliance built in Azure Policies

Microsoft Defender for Cloud

Azure Compliance

Microsoft Azure Commercial

Build and manage powerful applications using Microsoft Azure cloud services. Microsoft Office 365 Commercial and Microsoft Office 365 GCC are both paired with Azure AD in Commercial.

Learn more

Microsoft Azure Government

Azure Government is our fully isolated cloud environment designed for data sovereignty. Delivers compliance with FedRAMP High, DFARS 7012, DoD CC SRG IL4/5, ITAR and EAR.

Learn more

Microsoft Dynamics 365 and Power Platform

Adapt and innovate with the only portfolio of business applications that empowers your organization to deliver operational excellence and serve every constituent.

Dynamics 365 for US Government

Power Apps for US Government

Power Automate for US Government

Dynamics 365 - Commercial

Deliver positive customer experiences faster. Optimize resources and help technicians be more efficient. Reduce operational costs. Dynamics 365 in Commercial is compatible with Azure AD in Commercial.

Learn more

Dynamics 365 – GCC and GCC-H

The services offered in GCC and GCC High are further protected with heightened compliance demands. Check the feature availability site to learn which features are available in each environment.

Learn more

Need help deciding which Microsoft Cloud you need?

Read the blog


use the arrow keys to navigate through the pivots and tab to focus on focusable content inside a pivot section
  • Guide
  • Other
  • Video/Webinar

Accelerating CMMC compliance for Microsoft cloud

Read Blog

Microsoft CMMC Acceleration Program Update

Read Blog

History of Microsoft Cloud Service Offerings leading to the US Sovereign Cloud for Government

Read Blog

Understanding Compliance Between Microsoft 365 Commercial, GCC, GCC-High and DoD Offerings

Read Blog

The Microsoft 365 Government (GCC High) Conundrum - DIB Data Enclave vs Going All In

Read Blog

Microsoft expands qualification of contractors for government cloud offerings

Read Blog

Contact us