CMMC compliance made easy with Sumo Logic

Organizations that want to do business with the Department of Defense are required to achieve CMMC compliance by the end of this year. Sumo Logic can serve as a tool to assist your organization in achieving CMMC compliance.

What is CMMC

In an effort to strengthen the foundation of security and enhance the protection of controlled unclassified information within its supply chain, the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) of the DoD developed the Cybersecurity Maturity Model Certification (CMMC) framework.

The CMMC will review and combine best practices and cybersecurity standards, and map controls and processes from basic to advanced levels. The aim is to reduce risk against specific sets of cyber attacks. This framework builds upon DFARS 252.204-7012, an existing regulation, based on the cybersecurity tenet of “trust, but verify.”

CMMC compliance with Sumo Logic

Organizations are seeking solutions to assist them in CMMC compliance. A chief point of interest among these organizations is the specific control element called continuous monitoring. With this control element, audits around basic cybersecurity controls will not be good enough to achieve CMMC compliance. There is a need for tooling that gives insights into CMMC compliance in real-time.

It’s common for current compliance professionals like auditors to still rely on spreadsheets—something that’s both cumbersome, time consuming, and prone to errors.

Our CMMC dashboard simplifies compliance and continuously tracks it by leveraging text panels within the Sumo Logic platform to represent individual control elements. It is the same solution we use to achieve CMMC compliance in our SOC.

Sharing dashboards internally and externally

Like in other frameworks, we have an area in the platform where you can keep track of your control status, mark things compliant, and mark them not applicable so that you can have back and forth dialog with your internal and external auditors via easily shareable URLs. You can easily link to content for different control elements for CMMC compliance.

Access control

Within Sumo, we have full role-based access control (RBAC) for sharing of these dashboards to internal and external auditors—very easily you can granularly control who has access. Getting VPN access for external auditors is no longer necessary. You can just leverage the Sumo Logic platform. You can whitelist who has access to it and you can easily see who has access.

From policy documents to evidence and password policy

We have an area in the platform called the workbench where internal and external auditors can easily communicate and make requests, acting akin to a governance risk and compliance platform. This allows content like policy documents that meet certain controls to be listed and viewable in a single interface for both internal and external auditors.

This functionality goes beyond policy documents, it can also be leveraged for evidence itself or examples of your password policy.

Machine data visualization

Sumo Logic prides itself in its work around machine data. In our platform, machine data visualization is seamless, making satisfying controls in your cybersecurity frameworks simple. The same shareability applies to visualizations and queries within the platform.

CMMC compliance made easy

At Sumo Logic, we operate on the principle of “the art of the possible.” Compliance is rarely, if ever, described as an easy task in any organization. We believe that our solution—how we leverage machine data, and the ability to link to evidence and policies all within a single user interface that can easily be shared between internal and external auditors—is a powerful tool in simplifying CMMC compliance and can save a lot of time and resources for your organization.

To learn more about how Sumo Logic can help make compliance easier for your team, check out Daniel Reardon's compliance session from Illuminate 2020, here: https://www.youtube.com/watch?v=VI017JSSyTU