Share on:

What is CMMC?

CMMC (Cybersecurity Maturity Model Certification) is a framework to ensure that controlled unclassified information (CUI) is protected by appropriate levels of cybersecurity practices and processes when it’s residing on federal contractors’ networks. CMMC applies to any federal contractor, including over 300,000 companies in the supply chain – such as small businesses, commercial item contractors and foreign suppliers.

Note: The development of CMMC 2.0 is currently in progress and will greatly simplify the framework to align with NIST 800-171 standards.

How Can Blumira Help With CMMC?

Blumira can help your organization easily meet and exceed CMMC (and NIST 800-171) requirements for logging, monitoring, threat detection and response.

By regularly running and scheduling Blumira’s pre-built CMMC compliance reports, you can prove your compliance to an auditor for certain controls.

Which Reports Map to Which CMMC Requirements?

See which Blumira reports map to which CMMC requirements so you can easily hand over pre-built reports to your auditor to prove your compliance. Please note that each report is available for certain integrations, which are listed under each report below:

CMMC RequirementsBlumira’s Global Reports
CMMC AC.1 – Failed Logins: Identify brute force and other credential attacksCMMC Controls - Failed Logins
Available for: Windows, Linux, MacOS
CMMC AC.1 – VPN Connections: Monitor remote access methods and usersCMMC Controls - VPN Connections
Available for: Cisco ASA, WatchGuard, GlobalProtect, SonicWall, Sophos
CMMC AC.1 – Logins by Location: Spot access from unfamiliar regionsCMMC - Logins from Outside the US
CMMC - Logins from Outside the UK
CMMC - Logins from Outside the AUS
CMMC - Logins from Outside the CA
Available for: Azure, Microsoft 365, Duo Security, Okta
CMMC AU.2 – Privileged Access: Track access by administrators and power usersCMMC Controls - Administrator Access
Available for: Windows, Linux
CMMC AU.6 – Log Tampering: Detect modifications or deletions of log dataCMMC Controls Log Tampering - Clearing of Windows Event Log
CMMC Controls Log Tampering - Clearing of Windows Security Event Log
Available for: Windows
CMMC AC.7 – Account Lockouts: Find accounts locked due to excessive failed loginsCMMC - Account Lockouts
Available for: Windows
CMMC AC.7 – Password Resets: Track password changes for awareness of compromised accountsCMMC - Password Change
Available for: Windows

CMMC - Azure Password Change
Available for: Azure
CMMC SC.7 – Firewall Traffic: Analyze allowed/blocked connections at perimeterCMMC - Allowed Firewall Traffic
CMMC - Blocked Firewall Traffic
CMMC IR.4 – IDS/IPS Alerts: Identify potential intrusion attempts and malwareCMMC - IDS/IPS Alerts
Available for: SonicWall, Palo Alto, Checkpoint, Sophos XG, Umbrella
CMMC MP.7 – USB Device Usage: Detect unauthorized devices plugged into endpointsCMMC - USB Device Attached
Available for: Windows

CMMC Controls - Mounted Device
CMMC Controls - USB Device Attached
Available for: MacOS
CMMC CM.3 – System Changes: Record critical configuration and policy changesCMMC - Windows GPO Updates
Available for: Windows

CMMC - Azure Policy Changes
Available for: Azure

CMMC Firewall Configuration Change
Available for: Palo Alto, Fortigate, Cisco ASA, SonicWall, Sophos XG

How Can I Access the CMMC Reports?

Blumira customers can use global and saved reports to easily access CMMC compliance reports, as well as many other reports to analyze the logged events that you send Blumira. 

To view a CIS global report or one of your saved reports, follow these easy steps:

  1. Navigate to Reporting > Report Builder.Click to open the additional options menu (the three dot menu seen on the right side).
  2. Click Load Saved Report
  3. Type CMMC into the search box at the top of the Saved Reports screen.
  4. In the Saved Reports window, click the report that you want to use, ensuring that it matches your integrated data source(s).

Get more tips on how to use Blumira’s Report Builder in our documentation article, Using global and saved reports. Watch the video below to learn more about using Report Builder:

Blumira For Compliance: Easy & Effective Security For SMBs

It’s easy to help meet or support multiple compliance controls using Blumira’s SIEM + XDR platform. With our platform backed by a 24/7 security operations team, organizations get 24/7 coverage – there’s no need to hire full-time analysts. See our other posts on NIST compliance reports, ISO reports, and the different compliance frameworks we support.

There’s a few different ways you can get started with Blumira:

  • Free SIEM – Choose up to 3 cloud integrations, set up in minutes, send logs to Blumira and start seeing security value right away. Our Free SIEM gives you a limited version of our product with 14 days of data retention.
  • Try SIEM + XDR Free – Get a trial of Blumira’s XDR edition up and running to experience the complete SIEM, endpoint visibility and automated response platform. Contact us to set up an XDR trial.
  • See a Demo – Not ready to try Blumira yet? Watch our product demo video or contact our team to walk through a demo of Blumira’s XDR Platform to get all of your questions answered.
  • Are you an MSP? Check out our MSP Program with NFR licensing for partners.

Security news and stories right to your inbox!