We’ve been doing a lot of work in preparation for some upcoming CMMC audits, and wanted to share some general updates related to CMMC:
- Tightened network controls: Set stricter rules about what traffic can enter and leave our systems, adding another layer to our existing security
- Strengthened login requirements: Added multi-factor authentication and tighter access controls to meet compliance standards — machines now use dedicated secure identities instead of shared credentials
- Enhanced our monitoring: Layered in additional threat detection and alerting on top of existing monitoring to meet CMMC audit requirements
- Deployed a compliance scheduling service: Stood up dedicated infrastructure to run automated CMMC compliance tasks on a timer, with properly scoped credentials
- Created a hardened baseline machine image: Built a stricter, pre-configured "template" for all new machines — ensuring every server starts from a compliance-verified secure state rather than relying on manual configuration
