I have been looking at getting on-prem stuff into Arc, but my only hesitation is the initial Arc setup for the server. For CMMC 2.0 L2, is it required to force all Arc activity through private endpoints, or can you use the default public endpoint? I would think that since public uses encryption as well as access controls set within Azure. However, if we are on Commercial Cloud, should I make sure that any on-prem servers are not touching Arc?
The concept of this is simple but there are lots of moving parts - Excel - Visio - Power Automate - SharePoint. I personally would need to drill down a little in Power Automate to understand how it fits in. Thanks for the conceptual inspiration.
What you did in git makes sense, but it seems using git with a GUI when there is a conflict is a pain. Definitely recommend using the git commands instead; at least you can see what is going on.
Hi, Thank you so much for uploading this video! I noticed that the objective is only to get the user into Teams for collaboration. I do not know the limits of this since Microsoft seems to be doing this slowly. Do you know if this will work with SharePoint as well? I can't find anything about that online unfortunately.
Update: I think I finally found one and it lists SharePoint. Unless you know something different, I think it will work! Thank you again for this very informative video!
I am not sure why the diagram is so blurry. I could not really read or follow. I am still keen on following this process; are there other resources you can share with me?
Great video. I'm still a little confused. So if a private entity/contractor wanted to be CMMC/NIST 171/ITAR compliant, would them just purchasing the GCC High license solve that? Or would they have to conduct their own 3rd party CMMC/NIST 171 assessments on their security controls (and pass the assessments) before they would even be able to acquire a GCC High license?
No, GCC High on its own does not meet NIST 800-171, or CMMC. The architecture it is based on allows you to meet the data sovereignty requirements for export controlled CUI, and ITAR, but you must implement the controls in your own environment to meet NIST 800-171.
@AgileITcom Thanks. When you say in your own environment, you mean the GCC High environment, correct? And secondly, are you familiar with the Microsoft Purview compliance manager and how that works with GCC High?
@tobeskokoatobes3968 My statements about shared responsibility apply to any environment, but yes, in this case GCC High. And yes, we are VERY familiar with Purview compliance manager. My favorite part about it in GCC High is that the CMMC templates are included and not a premium add-on.
100%, with a caveat. Are you asking about a company with 100 employees, or are you talking about onboarding 100 employees at once with this? If you are onboarding 100 employees at once, the process needs to be scaled where the lower level approvals feed up into a larger onboarding automation.
Clearly explained. I have built some SP Webparts for my organization; as part of my research on how to make these Webparts GCC compliant I landed on your video, which clears many doubts. Any specific guidance regarding SP Webparts?
Quite awesome stuff. I am expecting more in-depth content on troubleshooting Teams and every possible thing you know about Teams if you can. I request you to please share more content as it's fabulously done by you. Thank you for these, I'll share with my friends.
I'm interested in the delta between FISMA NIST 800-53 moderate vs CMMC Ver 2 level 2.... how best to describe the deltas......thank god with a small g they got rid of the program management requirement for all of the 18 control families. Also do you believe that FISMA high will "inspire" and form the basis for CMMC V2 L3?
CMMC V2 L2 is based on NIST 800-171. Appendix E includes the entirety of 800-53 as assumed controls. In an early webinar, it was revealed that Appendix E, particularly the NFO controls, would not be assessed, but should be performed.
Thank you for this great content. How come no one else is interested in this? It's quite exciting and I spend nights and weekends reading about NIST 800 controls.
Here looking for info on MFA because I want to implement it at our organization. Instead the first few minutes are just insults because I haven't done it yet. Tapping out early and looking for other resources.
Because working in a demo tenant while also being logged into your normal account is a pain. :) Edge (Chromium) was still in limited preview when we did this video, but it makes things much easier: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-BjdDBj47ma4.html
Microsoft currently lists many of their services as “In scope” for many of the required standards of NIST 800-171, DFARS, FIPS, etc- including Office 365 GCC. Do you know if they resolved any of the issues you’ve mentioned with Microsoft 365 GCC versus Office 365 GCC?
Yes, in February 2021, Microsoft added contractual flowdowns for DFARS 7012 to GCC (moderate) making it acceptable for housing CUI provided there are no specified CUI types such as Controlled Defense Information, ITAR, or NOFORN marked CUI.
Hi. Look Book looks like a great tool. Once I select a Look, can I use it for other internal sites or do I have to go through the same process each time? Can I set a certain look as a template? Thank you
Thanks for the video. If you need to update your Visio workflow, do you have to completely set up/configure the Power Automate from scratch or will it only update the new elements added to the Visio?
You do not need to update from scratch; however, as with any sort of software update, be it code, low-code, or no-code, you should test at every change to assure that errors have not been introduced.