• United States



UK Editor

Exostar launches CMMC 2.0-compliant Microsoft 365, other solutions for SMBs

Jul 13, 20223 mins

Updates aim to help small- and medium-sized business comply with the U.S. Department of Defense cybersecurity requirements.

Credit: Melpomenem / Getty Images

Regulated industry community builder Exostar has announced new updates to its platform designed to help small- and medium-sized businesses (SMBs) overcome the technology, time, and cost obstacles of preparing for and demonstrating compliance with Cybersecurity Maturity Model Certification (CMMC) 2.0. The latest version of the CMMC requires businesses throughout the U.S. Defense Industrial Base (DIB) to comply with the certification as soon as May 2023 to participate in subsequent Department of Defense (DoD) contract solicitations, with any member of the DIB that stores or handles controlled unclassified information (CUI) required to meet the 110 practices defined at CMMC Maturity Level 2.

However, according to Exostar, many SMBs simply do not possess the expertise, bandwidth, or budget to achieve this compliance. It has therefore launched managed Microsoft 365 for CMMC and upgraded its CMMC Ready Suite to help SMBs address specific challenges surrounding CMMC 2.0 compliance.

Exostar’s managed M365 protects CUI in accordance with CMMC 2.0

In a press release, Exostar stated that its new managed solution is based on Microsoft Teams and hosted in a Microsoft 365 Government Cloud Computing (GCC) high environment, delivering benefits to SMBs including:

  • A secure workspace for SMB users within GCC High without the expense and burden of acquiring, setting up, and managing their own tenant.
  • Implementation of the security controls necessary to protect CUI and facilitate compliance with CMMC 2.0 and other DoD cybersecurity standards.
  • Enterprise-grade security at a price SMBs can afford, with room to grow for an enterprise license.

Exostar CMMC Ready Suite updates accelerate CMMC 2.0 compliance for SMBs

Exostar has also updated its CMMC Ready Suite to provide enhanced, “out-of-the-box” support to accelerate SMBs throughout their CMMC 2.0 accreditation journeys. According to the firm, SMBs can now benefit from:

  • Certification Assistant, which offers plainspoken descriptions of CMMC practices to help SMBs conduct compliance self-assessments and scoring, gather documentation, and prepare for any necessary third-party audits ahead of accreditation.
  • Exostar PolicyPro, which evaluates existing policies and/or generates new ones in accordance with all policy requirements defined in CMMC 2.0 practices.
  • CMMC 2.0 Basic Assessment, which provides expert guidance from Exostar-vetted cybersecurity compliance specialist partners to address an SMB’s unique circumstances and accelerate the accreditation process.

SMBs integral to Defense Industrial Base, CMMC compliance is key

Exostar’s Chief Revenue Officer Tony Farinaro stated that SMBs play an integral role in the US DIB and their compliance with CMMC 2.0 is paramount. “SMBs are the lifeblood of the DIB. While they must improve their cybersecurity capabilities to better protect CUI throughout the DoD supply chain, CMMC 2.0 represents a heavy lift for many of these companies.”

Tom Brennan, Americas executive director of CREST and CIO at Mandelbaum Barrett P.C., told CSO last year that the CMMC is one of the most important recent government cybersecurity initiatives in the U.S. “For a long time, the DoD has told DIB contractors that they have to comply with NIST standards, but there has been zero accreditation, enforcement, or audit associated with this particular control, and it has failed miserably.”

The CMMC is so important because it involves legal assessments to test that government contractors are doing what they say they are from a security standpoint, and if they fail to meet CMMC requirements, they will lose their contracts, Brennan says. “If you’re going to be looking for new DoD contracts, those contacts will clearly state a company must be CMMC compliant prior to undertaking new contracts.” The CMMC is also becoming of greater interest to the cybersecurity industry because a lot of audit firms and service providers realize this is a cash cow, he says.

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past 8 years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author