CMMC & NIST SP 800-171

Meet the Future of DoD
Compliance Head-On

Protect controlled unclassified information (CUI) everywhere it resides. Sharetru tackles CMMC 2.0 Level 2 compliance for file sharing to help you safeguard the information that supports our nation’s front lines.

CMMC 2.0

A Framework to Boost DIB Cybersecurity

The Cybersecurity Maturity Model Certification (CMMC) program standardizes cyber protection standards for companies in the Defense Industrial Base (DIB). CMMC is a key component of the expansive DIB cybersecurity effort launched by the Department of Defense (DoD) to counteract national security threats in cyberspace.

In September 2020, the DoD published an interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS) which implemented the DoD’s initial vision for the program (CMMC 1.0) and outlined the basic features of the framework.

In November 2021, the DoD announced CMMC 2.0, an updated and streamlined program structure.

CMMC 1.0 and 2.0 evolved out of NIST SP 800-171, which provides recommended security requirements for protecting the confidentiality of CUI that resides in nonfederal systems and organizations.

In practice, CMMC 2.0 is a new development in the contract requirements placed on the DIB. With our Advanced Security and Compliance Add-on, contractors can easily meet CMMC 2.0 Level 2 file sharing standards and stay aligned with NIST SP 800-171.

Sharetru has proven an essential tool for government contractors to comply with the managed file transfer regulations published in NIST SP 800-171, so our platform is well equipped to handle CMMC 2.0 and beyond.

Read More: The Basics of Cybersecurity Maturity Model Certification

How To Achieve Compliance

Don’t let organizational file sharing and transfers be an afterthought. Vet file sharing services for compliance ahead of time, and make sure your solution aligns with CMMC guidelines by providing sufficient controls in the below areas.

Find Out More

Identification and Authentication Verify User Identity

Implement password controls, multi-factor authentication, and identity service integration through SAML 2.0 from the admin console. Strengthen your login security over SFTP with SSH keys instead of risking the loss or theft of passwords.

Access Control Block Unauthorized Users

Take advantage of folder-level access control to keep users who shouldn’t have access to CUI out of the folders that contain it. Flexible permissions help you put safeguards in place to keep unauthorized users out of your mission-critical systems.

Physical Protection Enjoy Fortress-Like Security You can relax knowing that our infrastructure is protected with biometric scanning for access, a man trap for entry, caged infrastructure, and perimeter security including armed guards. Our datacenters keep your data stowed away for your eyes only.

Audit and Accountability Maximize Platform Visibility Connect through SFTP and import log data to your SIEM, or export log data through our API. You can view all your reports on one intuitive dashboard to simplify analysis and leverage insights to enhance your cybersecurity efforts.

System and Communications Protection Safeguard Sensitive Data

Keep administrator roles clearly delineated from user roles for added control and security. Strengthen your authentication processes for SFTP users with IP address restrictions that can be set by by protocol and by user.

NIST SP 800-171

Protecting CUI in Nonfederal Systems

CMMC compliance allows your organization to bid on contracts and establish your organization as one that clients can trust.

Sharetru provides the controls you need to meet NIST SP 800-171, CMMC 1.0, and CMMC 2.0 Level 2 standards, making it easy for you to implement them in our platform with a simple guidance document that we provide.

Sensitive federal information residing in nonfederal systems and organizations must be protected. Any breach of this data can directly impact the federal government’s ability to carry out its designated missions and business operations.

To share CUI, compliance with CMMC 2.0 Level 2 is required. This entails implementing the same 110 controls specified in NIST SP 800-171. While not complying with CMMC doesn’t mean you’ll get fined, it still leads to revenue loss.

How to Plan for Changes to CMMC Requirements

See Additional Resources

See all resources here

Blog

CMMC 2.0 Controls Made Easy for Small & Mid-Sized Contractors

As your organization prepares for CMMC 2.0, know that technology partners like Sharetru simplify and streamline meeting CMMC 2.0 compliance requirements.

The CMMC 2.0 announcement included updates to CMMC 1.0 that were designed to enhance cybersecurity protections for all entities in the DIB as well as to streamline protections for contractors already following the NIST SP 800-171 framework.

Why are they changing it?

Leveraging feedback from industry leaders, Congress, and other stakeholders, the DoD honed in on the most common themes. Comments on CMMC improvements included:

Reducing costs
Increasing trust
Clarifying and aligning requirements

What does it cost?

CMMC 2.0 costs are projected to be significantly lower than before due to the DoD’s initiative to:

Streamline requirements at all levels
Allow some companies to perform self-assessments
Increase oversight of third-party assessments

The DoD now allows companies to waive CMMC requirements with strict guidelines when applying for a waiver. Waivers help not only with the flexibility of CMMC implementation but also with the speed. Accelerating individual adoption of CMMC 2.0 will play a major role in overall adoption.

Has the reasoning or end goal of CMMC changed?

No, the CMMC features are largely unchanged from a high-level overview. The three key features of the CMMC framework are still:

Tiered model
Required assessments
Implementation through contracts

Ready to Exceed Your Compliance Goals?

Threat actors are getting smarter by the day. Prioritize protected file sharing to ensure sensitive data doesn't fall into the wrong hands and risk your contractor status. See how Sharetru does this for you and more by scheduling a demo today.

Meet the Future of DoDCompliance Head-On