Compliance Island by Island Systems

CMMC & NIST 800-171 Compliant
Azure Virtual Desktop Enclaves for CUI

Compliance Island closes the gap between cloud and compliance

Do you or your customers need to meet NIST SP 800-171 or CMMC 2.0 Level 2 compliance requirements?

Compliance Island brings together system-specific compliance documentation, cloud VDI technology, and security into a single unified platform built on Azure and Microsoft 365.

Designed to meet the needs of Microsoft Partners, Managed Service Providers, and enterprises of all sizes, each instance of Compliance Island is deployed in the end-user organization’s Azure tenant (Azure Government & Microsoft 365 GCC-High recommended).

Ready-to-use for secure Windows + Microsoft Office 365 workloads, or extended with any Azure, Microsoft 365, or Dynamics 365 services you want to deploy, Compliance Island dramatically simplifies the compliance process, reduces scope, and enhances security.

Island Systems is a Microsoft Partner

Ready in a few days
Get compliant in a few weeks

Save up to 70% over one-off solutions

Compliance the Hard Way

Most organizations follow the gap remediation process. This multi-year, risk-prone, one-off approach to compliance leads to significantly increased short and long-term costs.

2 Yr Cummulative Cost and Timeline without Compliance Island

2 Yr Cumulative Cost and Timeline Gap Remediation Method

Compliance the Easy Way

With Compliance Island, you’ll meet most of your NIST 800-171 / CMMC 2.0 Level 2 (formerly CMMC Level 3) technical requirements in a few days with your own instance deployed in the Microsoft Azure GCC High cloud.

2 Yr Cumulative Cost and Timeline with Compliance Island

2 Yr Cumulative Cost and Timeline with Compliance Island

2 Yr Cummulative Cost and Timeline without Compliance Island

Estimated 2 Yr Cumulative Cost and Timeline Gap Remediation Method – 20 user system

2 Yr Cumulative Cost and Timeline with Compliance Island

Estimated 2 Yr Cumulative Cost and Timeline with Compliance Island – 20 user system

About Compliance Island

Who Needs Compliance Island?

MSPs supporting, and U.S. government contractors handling:

Federal Contract Information (FCI)

Controlled Unclassified Information (CUI)

Restricted CUI categories like:
Nuclear (NNPI, DCNI)
Controlled Technical Information (CTI)
Export Controlled (EXPT, NOFORN, NATO)

How Compliance Island Helps

Reduce scope, complexity, time, and cost by segmenting CUI into your own enclave

Securely access Azure Virtual Desktops in GCC High with Microsoft 365 Office Suite from your existing systems

Ready in a few days at a low, fixed cost

Includes: System Security Plan, Policy Documentation; Change, Risk, and Incident Management; Security Monitoring Solution; and more

Meet Compliance Requirements

NIST 800-171 for CUI

CMMC 2.0 Advanced Level 2 (formerly Level 3)

DoD Assessment Methodology (SPRS score)

Basic Safeguarding (FAR 52.204-21)

Satisfies NIST 800-171A Assessment Guide

NIST 800-171 Appendix E (NFO controls)

Compliance Island Overview

Compliance Island Core Services are designed to meet the rigorous demands of NIST 800-171 and CMMC 2.0 Advanced Level 2 compliance.
Add-on technologies and services allow us to meet most organizations’ needs, whether it’s for your internal use or for your customers.

Compliance Island Features Overview

Compliance Island provides you, or your customer, with individual fully compliant enclave(s) running Azure Virtual Desktop Windows PCs with the Microsoft Office 365 (E5 recommended).

To ensure compliance for all CUI category markings, including export controlled or nuclear, we recommend deploying in Microsoft GCC High and Azure Government.

Deploying in GCC or Commerical Cloud, or using Microsoft 365 E3 + EMS E5 for end-users is available upon request.

A full suite of Core Compliance Documentation is included to ensure you will quickly and cost-effectively meet requirements allowing you to confidently attest to compliance.

Depending on your internal capabilities, you can opt to purchase the Required Compliance Plans and Services from us, or use your existing capabilities. 

Full compliance requires some customer participation in these Plans, as shown in the included Responsibility Matrix.

Compliance Island can be used as-is when a Windows PC with Office 365, with or without added applications software, meets the need.

Compliance Island can also serve as the foundation to a larger solution. With a strong architecture, it’s easy to add technology and capabilities built in Azure, Microsoft 365, or Dynamics 365 with much less effort needed to ensure your compliance requirements continue to be met.

Island Systems offers architecture services to help you build your solutions while meeting compliance requirements. 

Professionally Architected and Documented

Compliance Island’s included System Security Plan (SSP) contains a full suite of compliance and system architecture diagrams and documentation prepared by skilled enterprise architects. 


Contact Us

Chat Now…