Send a message
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
CMMC compliance is now a tangible, impactful requirement for A/E/C firms supporting the DoD. CAD-heavy workflows (AutoCAD, Revit, Civil 3D) make it far more complex than simply “locking things down.” One way to be successful in CMMC Level 2 implementation is a virtual enclave where CUI is separated from non-CUI, collaboration is secure, and there are robust file-transfer processes that protect data without destroying engineering productivity.
With the Level 1 Cybersecurity Maturity Model Certification (CMMC) becoming required on Department of Defense (DoD) Contracts containing Federal Contract Information (FCI) sometime between late October 2025 and February 2026, it is important for those companies working with the DoD to establish their current cybersecurity maturity and standing against the new requirements.
Choosing to build an enclave can significantly reduce costs and effort by isolating compliance to just the systems and personnel who handle Controlled Unclassified Information (CUI). On the other hand, taking an enterprise approach—where your entire environment is brought into compliance—can streamline operations if DoD work is central to your business, while also elevating cybersecurity maturity across the organization.
Can I use Microsoft 365 Commercial to achieve CMMC Level 2 compliance? The short answer is no, but let’s break down why and explore your options for staying compliant while using Microsoft 365.
