Microsoft Defender for Office 365
by Microsoft
Covered
10
controls
Partial
2
controls
Gaps
2
controls
Overview
Microsoft Defender for Office 365 by Microsoft is an email security solution that covers 10 NIST 800-171 controls (9% total coverage). It addresses key requirements in the email security domain for defense contractors pursuing CMMC compliance.
Controls Covered (10)
Implementation Notes
Deploy Microsoft Defender for Office 365 with FIPS-validated configurations. Integrate with your SIEM for centralized audit logging. Review partial controls quarterly to identify supplementary tooling needs.
More Email Security Products
Frequently Asked Questions
How many NIST 800-171 controls does Microsoft Defender for Office 365 cover?
Microsoft Defender for Office 365 covers 10 of 110 NIST 800-171 controls (9%), with 2 partially covered and 2 gaps.
Can Microsoft Defender for Office 365 alone satisfy CMMC Level 2?
No single tool covers all 110 NIST 800-171 controls. Microsoft Defender for Office 365 covers 9% and should be part of a layered security stack addressing the remaining controls.
What controls does Microsoft Defender for Office 365 not cover?
Microsoft Defender for Office 365 does not cover controls ia-3-5-1, pe-3-10-1. These require supplementary solutions such as physical security controls, additional access management, or media protection tools.
Map Your Full Security Stack
See NIST 800-171 control coverage for 80+ security products.
Open NIST Tool Mapper