
 


Summit 7 Team Blogs

Peeling Back the Onion: Microsoft Security for Government Contractors

After several conversations with government contractors of varying sizes (from 25-person companies to 1000) and with differing customer portfolios and data types (CUI, CDI, ITAR), I continue to group the security best practices and corresponding technologies into four distinct but overlapping layers.

Sure, you can create a complex web of all of these and get into the interconnectivity of it all, but most of our conversations involve CSOs, COOs, CTOs, CEOs and other department leads who are simply not interested. Complexity doesn't always translate to compliance. Moreover, many leaders want to better understand how their Microsoft security investments translate into ROI and risk management.

Here is a four-part conversation that hits on each layer.

 

 Part 1: Identity Management

 

 

For reference, the NIST 800-171 controls that apply to MFA:

3.5.3

Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.

 

3.7.5

Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.

 

Part 2: Tenant Security

 


Part 3: Endpoint Security (or Container Security)

 

Part 4: Governance


  

About Ben Curry

Ben is an 11x MVP and coauthor of the new Microsoft Press book "From IT Pro to Cloud Pro - Microsoft Office 365 and SharePoint Online"