Support Contact
Why Sharetru?
Platform
Features
Compliance
Industry
Pricing
Resources
Start Free Trial
    Start Free Trial
      BUILT FOR TIER 2 & TIER 3 DEFENSE CONTRACTORS HANDLING CUI

      CMMC Compliance for Secure File Sharing & File Transfer

      FedRAMP Authorized CSP. CMMC Advanced Ready. Your MFT Solution for External File Sharing.

      Start Free 15-Day Trial Book a Demo View Pricing

      We’re a FedRAMP Moderate Authorized Service Offering through the Joint Authorization Board (JAB) — meaning you can inherit our pre-built controls, and start sharing CUI fast.

      White-check

      CMMC Advanced?

      Covered.

      White-check

      DFARS 252.204-7012?

      Covered.

      White-check

      NIST SP 800-171?

      Covered.

      White-check

      Body of Evidence? Not needed — just reference the Package ID.

      Quote_Icon

      “Our prime contractor was already pushing CMMC controls down on us — even though we technically weren’t required to comply yet. We showed the FedRAMP Package ID for our file sharing and transfer system, passed that section of the audit, and moved forward without delay.”

      — Alicia M., Director of Cyber Compliance, Aerospace Subcontractor

      Download Icon

      Downloading our Fedramp Verification Quick Guide

      Download Now
      File Sharing - CMMC Page

      Secure File Sharing That Actually Solves CMMC Compliance

      If you’re in the Defense Industrial Base, and you handle Controlled Unclassified Information (CUI), you already know that CMMC Advanced isn’t optional — and neither is proving how you secure file transfers. That’s where Sharetru stands apart.

      We’re a FedRAMP Moderate Authorized Managed File Transfer (MFT) solution, built to help Tier 2 and Tier 3 defense contractors simplify compliance and securely exchange CUI with prime contractors, the DoD, and other external partners.

      Don’t Bet on “FedRAMP Equivalent” — Choose FedRAMP Authorized

      LET’S CLEAR THE AIR:

      PKG-ID-Gradient

      The federal government does not allow the purchase the use of FedRAMP equivalent providers for themselves when requiring CUI protection. Only FedRAMP Authorized solutions qualify — and Sharetru is one of the few secure file sharing platforms that meets that bar.

      That means less risk, fewer unknowns, and far less red tape when you're preparing for a CMMC audit.

      With Sharetru, You Get:

      • A JAB-vetted FedRAMP Package ID you can drop into your SPRS reporting
      • Built-in, audited security controls that align with CMMC Advanced requirements
      • Peace of mind: you're using an authorized solution, not rolling the dice on equivalency
      Quote_Icon

      “FedRAMP equivalent vendors looked good on paper — until our legal team flagged the risk. Sharetru’s authorization by the JAB removed every doubt and made our compliance process a whole lot easier.”

      — Compliance Manager, Aerospace Components Supplier

      Real-World Scenarios: File Sharing with Government & Prime Contractors

      MFT-Gradient

      The Challenge: You need to send engineering files, test data, or procurement specs containing CUI — and you need to do it securely using HTTPS, FTPS, or SFTP, with full audit trails and encryption in place.

      The Sharetru MFT Solution:

      • Support for HTTPS, FTPS, and SFTP protocols depending on recipient infrastructure
      • FIPS 140-3 and TLS 1.3 validated encryption in transit
      • AES-256 encryption at rest
      • Role-based access controls, dual authorization, IP whitelisting
      • Comprehensive audit logs for user actions and file events
      Quote_Icon

      “Our prime wanted files via SFTP, the DoD required logs, and our team needed HTTPS access. Sharetru gave us all three — securely and in one place.”

      — IT Director, Tier 3 Naval Subsystems Supplier

      Internal Engineering Teams Need to Exchange CUI with External Suppliers

      CUI-Gradient

      The Challenge: Your internal engineering team needs to share Controlled Unclassified Information (CUI) — like CAD drawings or testing procedures — with external manufacturers or subcontracted suppliers. You need to ensure only authorized parties access the files, while meeting CMMC's strict access control and auditability requirements.

      The Sharetru MFT Solution:

      • Use role-based group access to create isolated folders for each supplier
      • Apply IP and protocol restrictions to limit how and where each supplier accesses files (SFTP for one, HTTPS for another)
      • Enable clickwrap agreements to ensure suppliers acknowledge data use terms
      • Monitor file activity logs to track access and ensure accountability
      Quote_Icon

      “We needed to lock down access to sensitive files without slowing our engineering team down. Sharetru made it easy to segment external access while keeping everything traceable.”

      — Director of Information Systems, Tier 2 Aerospace Electronics Contractor

      Responding to DFARS 7012 and Preparing for a CMMC Audit

      SIEM-Gradient

      The Challenge: As a subcontractor subject to DFARS 252.204-7012, you're required to protect CUI and prepare for eventual CMMC Advanced certification. Your team needs a compliant file sharing solution that meets encryption, audit, and access requirements — and can provide evidence of control maturity during an audit.

      The Sharetru MFT Solution:

      • Unquestionably meets DFARS 7012 section (b)(2)(ii)(D) with FedRAMP Moderate Authorization
      • Leverage AES-256 encryption at rest and FIPS 140-3 validated TLS 1.3 encryption in transit to go beyond NIST 800-171-based controls
      • Access 12 months of audit logs to support your evidence gathering for audit readiness
      • Enable SIEM integration to route logs to your monitoring system
      • Use dual authorization for user creation to meet advanced access control requirements
      Quote_Icon

      “Sharetru gave us a file transfer system we could immediately point to in our audit prep. We didn’t need to explain how we encrypt files or manage access — it was all documented and centralized.”

      — IT Security Lead, Tier 3 Government Services Provider

      Why Sharetru Is the Smarter MFT Choice for Defense Contractors

      Defense-Contractors-Gradient2

      Sharetru isn’t another generalized cloud storage provider. We’re a secure file transfer and file sharing solution purpose-built for compliance — trusted by defense subcontractors working with sensitive data under serious scrutiny.

      Sharetru vs the Rest:

      • FedRAMP Moderate Authorized MFT solution = fully reciprocal with CMMC Level 2 and unquestionably meeting DFARS requirements
      • Designed for external file sharing, not just internal storage
      • Support for unlimited users on our Complete Plan
      • Protocol-layer control (SFTP, FTPS, HTTPS) with customizable user permissions
      • Compliance-focused features like SIEM integration, disaster recovery, and account lockouts
      • Clickwrap agreements, logging, and role-based access built-in
      Quote_Icon

      “We looked at file sharing platforms. We looked at MFT tools. Sharetru was the only one that hit CMMC, FedRAMP, logging, encryption, and usability without compromising authorization requirements.”

      — CISO, Defense Engineering Partner

      Why Defense Contractors Use Sharetru Alongside Microsoft GCC and GCC High

      portrait-of-business-people-in-meeting-room

      We’re not here to replace GCC or GCC High and we never will be.

      Sharetru is purpose-built to complement your Microsoft environment by filling the gaps in secure file transfer and external sharing workflows. While Microsoft focuses on collaboration, email, and document creation, we focus on the secure movement of sensitive files, especially when compliance and access control are non-negotiable.

      Here’s why many DIB contractors use both,
      side-by-side:

      Challenge Microsoft GCC/GCC High Sharetru
      External Sharing Complex permissions, high risk square-check-regular Designed for secure file exchange across orgs
      Audit-Ready Logs Disparate, not always exportable square-check-regular Centralized, immutable logging & reporting
      User Management Limited external control square-check-regular Fine-tuned access, roles, and notifications
      FedRAMP-Covered File Transfer Not FedRAMP without extensive configuration square-check-regular JAB-Authorized file movement & storage
      SIEM & IAM Integration Native, but focused on O365 data square-check-regular Works with Microsoft Sentinel & Entra ID
      Quote_Icon

      “We kept GCC High for email and document editing, but we needed a compliant file exchange platform. Sharetru handles our secure file transfers—without the admin chaos.”

      — David T., IT Director, Defense Tech Manufacturer

      Plug Sharetru Right Into Your Microsoft Ecosystem

      No rip-and-replace. Sharetru slots directly into your Microsoft security architecture:

      Microsoft-Sentinel-Integration
      Microsoft Sentinel Integration

      Stream real-time syslogs and file activity into your existing SIEM with full security event correlation.

      Entra-ID-Integration
      Entra ID (Azure AD) Integration

      Federate access management and SSO with your Microsoft identity provider.

      Quote_Icon

      “Being able to integrate Sharetru into Sentinel and Entra ID was huge. We didn’t have to change anything upstream for internal users—just got better visibility and tighter access control.”

      — Danielle H., Cybersecurity Manager, Defense Systems Integrator

      Group 436

      Make the Smart, FedRAMP Authorized Choice for CMMC Compliance

      Start Free Trial Book a Demo

      Frequently Asked Questions

      F.A.Q.

      Is Sharetru FedRAMP Moderate Authorized?

      Yes. Sharetru Federal is FedRAMP Moderate Authorized under a JAB-ATO — the highest form of FedRAMP authorization. Our authorization from the DoD, DHS, and GSA ensures we meet the security requirements for handling CUI and provides full CMMC reciprocity.

      Do I need a Body of Evidence (BOE) to prove file sharing compliance with CMMC when using Sharetru?

      No. With Sharetru Federal’s FedRAMP Moderate Authorization, your file sharing environment inherits validated controls. Instead of building a BOE, just include our Package ID in your SPRS submission.

      Is a JAB-ATO better than FedRAMP equivalency or a standard agency ATO?

      Yes. A JAB-ATO is reviewed and approved by the Joint Authorization Board, which includes the DoD. It's more rigorous and widely accepted than agency ATOs or “FedRAMP equivalent” claims, which aren’t formally recognized for procurement.

      Can I include Sharetru’s FedRAMP Package ID in my SPRS submission?

      Yes. Sharetru provides a FedRAMP Package ID that you can use to prove compliance for file sharing and transfer under SPRS.

      Will Sharetru help me with documentation for my SSP or POA&M?

      You won’t need to include detailed SSP or POA&M documentation for Sharetru at all — because we’re FedRAMP Moderate Authorized under a JAB-ATO. That means our file sharing and transfer environment has already been fully assessed and approved by the federal government, and you can simply reference our Package ID in your own System Security Plan or SPRS submission.

      No duplicative documentation, no manual control mapping, and no guesswork — it’s already built in and validated.

      Do I need to configure Sharetru myslf to make it CMMC-compliant?

      No. Sharetru Federal is compliance-ready out of the box. All necessary security features are pre-configured, so you don’t need third-party consulting or custom setup.

      Does Sharetru restrict the types of files I can send or receive?

      No. Sharetru allows all file types, including specialized formats like .dwg, .step, .xlsx, and .zip, with no extension restrictions — perfect for defense and engineering workflows.

      What encryption does Sharetru use to protect CUI file transfers?

      Sharetru Federal uses TLS 1.3 for encryption in transit, FIPS 140-3 certified encryption modules, and AES-256 encryption at rest — exceeding CMMC and NIST 800-171 requirements.

      Can Sharetru integrate with my SIEM to support audit logging requirements?

      Yes. Sharetru supports SIEM integration, allowing file access logs to be routed into your security monitoring environment — a key requirement for CMMC audit readiness.

      How does Sharetru support access control requirements under CMMC?

      We offer role-based and group-based access, dual authorization, clickwrap agreements, and account lockout policies — all mapped to CMMC access control controls.

      Can Sharetru help with audit readiness for my CMMC assessment?

      Absolutely. Sharetru gives you access to audit trails, user activity logs, and detailed reporting, making it easy to demonstrate compliance during an assessment.

      Does Sharetru offer unlimited users?

      Yes. On our Complete Plan, Sharetru supports unlimited users at no extra cost, so you can scale access across internal and external teams without blowing your budget.

      Does Sharetru charge us for bandwidth usage?

      No. Sharetru does not charge for bandwidth — you can transfer files as needed with no limits or surprise fees.

      Can I store CDI, CUI, and CTI in Sharetru’s Advanced Security and Compliance Platform?

      Yes. Sharetru is built to securely store and share Controlled Unclassified Information (CUI), including CDI and CTI, especially on our FedRAMP Authorized Sharetru Federal deployment.

      Does Sharetru support Single Sign-On (SSO) integration?

      Yes. Sharetru supports SAML 2.0-based SSO, allowing integration with identity providers like Azure AD, Okta, and others — simplifying secure access management.

      Can I securely share CUI with users outside of my organization?

      Yes. Sharetru supports secure external file sharing using HTTPS, FTPS, or SFTP — with audit trails, permission controls, and encryption included.