How Blumira Helps With
A Practical Guide to CMMC 2.0 Compliance
The Blumira modern security platform helps your organization easily meet and exceed CMMC framework requirements for logging, monitoring, threat detection, and response. We either support or complement a variety of CMMC controls from Levels 1 & 2, covering many domains.

Federal Contractors:
Are You CMMC Compliant?
CMMC (Cybersecurity Maturity Model Certification) is a framework to ensure that controlled unclassified information (CUI) is protected by appropriate levels of cybersecurity practices and processes when it’s residing on federal contractors’ networks.
CMMC applies to any federal contractor, including over 300,000 companies in the supply chain – such as small businesses, commercial item contractors and foreign suppliers.
The Department of Defense intends to incorporate CMMC into their Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contracts, according to the Office of the Under Secretary of Defense for Acquisition & Sustainment CMMC.
While CMMC encompasses NIST SP 800-171 requirements, it also extends beyond them to include three different levels of compliance: Foundational (Level 1), Advanced (Level 2), and Expert (Level 3).
NOTE: There are many changes coming for CMMC v2. In short, CMMC v2 is aligning to the NIST 800-171 standards.
All of the controls below have mappings listed for CMMC v2 and NIST 800-171. The CMMC control numbers now are aligned to 800-171; for example, AC.L1-3.1.1 maps to NIST 800-171 control 3.1.1. Also see how Blumira helps customers meet NIST 800-171.
How Blumira Helps With Audit & Accountability and Configuration Management Requirements
Audit and Accountability: AU.L2-3.3.1 - 3.3.4
AU.L2-3.3.1 – Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
AU.L2-3.3.2 – Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
AU.L2-3.3.3 – Review and update logged events.
AU.L2-3.3.4 – Alert in the event of an audit logging process failure.
Blumira centralized logging gives you the ability to track user activity, allowing you to trace actions uniquely back to certain users and hold them accountable. The Blumira cloud SIEM retains logs for at least a year for auditing purposes.
Search and reporting functionality gives you deeper visibility into audit logs for review. The Blumira platform also reports on operational changes or disruptions, including the status of logging sensors and log flow diagnostics, to alert you in the event of an audit logging process failure.
Audit and Accountability Level 2: AU.L2-3.3.7 - 3.3.9
AU.L2-3.3.7 – Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate timestamps for audit records.
AU.L2-3.3.8 – Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
AU.L2-3.3.9 – Limit management of audit logging functionality to a subset of privileged users.
The Blumira cloud SIEM separates logging and audit tools from customers’ production environments to prevent unauthorized access, modification, and deletion. Blumira’s platform limits the management of audit logging functionality to only a subset of privileged users with role-based administration.
Audit and Accountability Level 2: AU.L2-3.3.5 & 3.3.6
AU.L2-3.3.5 – Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.
AU.L2-3.3.6 – Provide audit record reduction and report generation to support on-demand analysis and reporting.
Blumira search and reporting functionality provides deeper visibility into audit logs. The Blumira platform correlates audit records to indications of suspicious activity and unauthorized access, then provides data and prioritized alerts to the organization. Blumira’s pre-built reports provide the ability to support on-demand analysis and reporting.
The Blumira threat detection library allows for the automation of audit log analysis to help identify and act on indicators of threats and suspicious activity. Blumira reporting provides visibility to enable organizations to perform audits on broad activity, in addition to per-machine activity.
Configuration Management Level 2: CM.L2-3.4.1 & 3.4.6
CM.L2-3.4.1 – Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
CM.L2-3.4.6 – Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.
With Blumira logging capabilities and wide coverage of integrations, organizations can inventory their security systems. Blumira provides role-based administration for its own platform, and monitors other systems for the creation of new privileged accounts, or changes and escalations in existing account privileges to alert organizations to potentially malicious internal activity.
Configuration Management Level 2: CM.L2-3.4.2, 3.4.3, 3.4.7
CM.L2-3.4.2 – Establish and enforce security configuration settings for information technology products employed in organizational systems.
CM.L2-3.4.3 – Track, review, approve or disapprove, and log changes to organizational systems.
CM.L2-3.4.7 – Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.
The Blumira platform monitors and identifies any risky access to an organization’s networks, such as through public Remote Desktop Protocol (RDP) and Server Message Block (SMB) access. Blumira tracks and logs any changes to organizational systems, while monitoring and alerting organizations to the use of insecure ports.
Blumira CMMC Level 2 Compliance Checklist
We've developed a concise checklist to highlight the key assessment objectives where a robust monitoring solution is indispensable, ensuring you're ready to meet CMMC Level 2 requirements and pass your assessment. Download it now and let us help you check off several items from your preparation to-do list.
CMMC Without the Complexity For Manufacturers
Manufacturing companies supporting defense missions face a critical challenge: achieve CMMC certification while keeping production lines running and costs under control.
✓ Zero production disruption
✓ Automated CUI handling
✓ Ready-to-submit reports
✓ Manufacturing-focused support
Frequently Asked Questions
What is CMMC 2.0 and who does it apply to?
CMMC 2.0 (Cybersecurity Maturity Model Certification) is a Department of Defense framework that requires defense contractors and subcontractors to meet specific cybersecurity standards before they can bid on or maintain DoD contracts. It applies to any organization in the Defense Industrial Base (DIB) that handles Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). CMMC 2.0 simplified the original model from five levels down to three, aligning Level 2 directly with the 110 controls in NIST SP 800-171.
When is the CMMC compliance deadline?
The CMMC final rule took effect on December 16, 2024, with phased implementation beginning in 2025. CMMC requirements will start appearing in DoD contracts through a phased rollout, with full enforcement expected by late 2026. Defense contractors should not wait for the deadline. The assessment and remediation process takes months, and organizations that are not ready risk losing contract eligibility. Starting now gives you time to close gaps and collect the evidence that assessors require.
What are the CMMC Level 2 requirements?
CMMC Level 2 maps directly to all 110 security controls in NIST SP 800-171 Rev 2. These controls are organized into 14 families, including Access Control, Audit and Accountability, Incident Response, and System and Communications Protection. Level 2 requires either a self-assessment or a third-party assessment (C3PAO), depending on the sensitivity of the CUI involved. Organizations must demonstrate that controls are not just documented but actually implemented and producing evidence.
Do you need a SIEM for CMMC compliance?
CMMC Level 2 includes the full Audit and Accountability (AU) control family from NIST 800-171, which requires organizations to create, protect, retain, and review audit logs. You also need to correlate audit records, reduce them to actionable findings, and alert on failures. While CMMC does not name "SIEM" as a requirement, a SIEM is the standard way to satisfy these AU controls. Blumira's cloud SIEM handles log collection, correlation, automated alerting, and one-year retention, covering the core Audit and Accountability requirements.
What CMMC controls does Blumira address?
Blumira directly supports controls across several NIST 800-171 families that CMMC Level 2 requires. The primary coverage is in Audit and Accountability (AU 3.3.1 through 3.3.9), including audit event logging, log correlation, alerting on audit failures, and log protection. Blumira also supports controls in Incident Response (IR 3.6.1, 3.6.2) through its automated detection and response playbooks, and Security Assessment (CA 3.12.3) through continuous monitoring. The platform connects to 75+ integrations to collect logs across cloud, endpoint, network, and identity systems.
How does Blumira help defense contractors with CMMC?
Blumira gives defense contractors the log monitoring and threat detection that CMMC Level 2 assessors expect to see, without requiring a dedicated security team. The platform deploys in hours, collects logs from your CUI environment through 75+ integrations, applies pre-built detection rules, and retains all log data for one year. For organizations preparing for a C3PAO assessment, Blumira provides the continuous audit evidence that demonstrates your Audit and Accountability controls are operational, not just written in a policy document.
What is the difference between CMMC Level 1 and Level 2?
Level 1 covers 17 basic safeguarding controls from FAR 52.204-21 and applies to organizations that handle only Federal Contract Information (FCI). It requires an annual self-assessment. Level 2 covers all 110 controls in NIST SP 800-171 and applies to organizations that handle Controlled Unclassified Information (CUI). Depending on the contract, Level 2 may require a third-party assessment by a C3PAO. The jump from Level 1 to Level 2 is significant. Level 2 requires detailed audit logging, incident response capabilities, continuous monitoring, and access controls that most organizations need dedicated tooling (like a SIEM) to satisfy.
Can a small defense contractor afford CMMC-compliant security monitoring?
Yes. Blumira uses flat-rate pricing based on employee count with unlimited log ingestion, so small contractors won't see surprise bills when their log volume increases. The platform is designed for IT teams, not large security operations centers. It deploys in hours, takes about 15 minutes a day to manage, and includes the detection rules, alerting, and log retention that CMMC Level 2 demands. Small defense contractors in the DIB use Blumira to meet their Audit and Accountability requirements without hiring full-time security analysts.