Kieri Reference Architecture

Log in

Download the KRA Datasheet

This datasheet is for real. Network diagrams, explanation of functionality, purchase list, pricing (as well as what to expect for ongoing operational costs), and interoperability. You won’t be disappointed.

The Kieri Reference Architecture is a blueprint for creating a Microsoft 365 and Windows 10/11 based information system.  It includes scripts, technician procedures, baseline configurations, and supporting documentation to build the network yourself or with help.

The architecture and implementation are designed to be compliant with CMMC Level 2 and NIST SP 800-171 Revision 2 requirements, including the new external service provider requirements in the CMMC Rule.  The design is based upon the architecture and implementation that Kieri Solutions presented during their own C3PAO CMMC Level 2 assessment.

Kieri Solutions passed their CMMC Level 2 assessment by DCMA DIBCAC by utilizing this architecture and the core documentation / policies / procedures from the Kieri Compliance Documentation.

The KRA is designed to be easy to manage, with just a part-time system administrator and a virtual CISO (one meeting per month) at minimum.

Do you…
– want to be responsible for your own compliance program?
– like to work with Microsoft products?
– want functional laptops that can go to the office or remote?
– and email and calendar on your BYOD iPhone or Android?
If yes, then check out the Kieri Reference Architecture!

What is the Kieri Reference Architecture?

  • When combined with the Kieri Compliance Documentation, you get a 95% complete System Security Plan (detailing the information system, how technical requirements are applied, and including best-practice KCD policies and procedures).
  • FIPS documentation, Risk Assessment, Data Flow Diagrams, Network Diagrams.
  • Detailed self-assessment instructions which include ongoing monitoring, what evidence to examine, and test procedures to verify security controls.
  • Build instructions for a Microsoft 365 GCC-High Tenant which includes…
    • Secure Configuration Baselines for Windows 10/11 and Microsoft 365, including tailoring for functionality.
    • Scripts and application packages to automatically configure Windows 10/11 laptops with security and typical office functionality.
    • Setup instructions for Azure Sentinel, Duo Multi-Factor, Endpoint Manager, Data Loss Protection, Conditional Access, Defender for Endpoint.
    • Procedures to manage secure file sharing (using GCC-H SharePoint with centrally-managed accounts) between your company and external parties.
    • Procedures to perform monitoring as required by 800-171 Rev. 2 / CMMC Level 2.
  • 10 hours of technical training and check-ins with a Kieri Subject Matter Expert.
  • A lifetime license to use the KRA documentation and instructions for one organization.
  • 12 month subscription to updated documents and training library (renewable yearly).
  • Optional: 40 hours of additional support, including deep review of configurations and creation of compliance artifacts to make sure you’re ready for assessment.
  • Optional: Turnkey setup. You buy it; we build it; we hand you the keys.
  • Optional: Assessment support (we will help you prepare and will attend your CMMC Level 2 assessment to help answer questions).

What is not included in the Kieri Reference Architecture?

  • You will need to supply your own laptops, phones, and cloud licenses.
  • You will need a system administrator or managed service provider who already knows or can learn Microsoft 365 and Azure administration. Kieri Solutions is available to advise and assist you during the build process, but we do not perform support for production networks.
  • You must own a license or simultaneously purchase a license of the Kieri Compliance Documentation (policies and procedures) to use with the Kieri Reference Architecture. The Kieri Compliance Documentation is the people-powered part of CMMC compliance.
  • The KRA is meant to be applied to a new Microsoft 365 GCC-High tenant. Applying CMMC Level 2 security to production networks tends to break things. The instructions assume that you create a new KRA and migrate your production users and data to it. While there is a use-case for upgrading existing networks using KRA instructions, this is at your own risk!

Introduction to the Kieri Reference Architecture

How the KCD and the KRA work together (deep-dive one requirement)

Please contact us to discuss a quote:

Send an email to if you are a subscriber and need help logging on or accessing content.