CMMC & NIST SP 800-171

    Meet the Future of DoD Compliance Head-On

    Protect controlled unclassified information (CUI) everywhere it resides. Sharetru tackles CMMC 2.0 Level 2 compliance for file sharing to help you safeguard the information that supports our nation’s front lines.

    CMMC 2.0

    A Framework to Boost DIB Cybersecurity

    The Cybersecurity Maturity Model Certification (CMMC) program standardizes cyber protection standards for companies in the Defense Industrial Base (DIB). CMMC is a key component of the expansive DIB cybersecurity effort launched by the Department of Defense (DoD) to counteract national security threats in cyberspace. 

    In September 2020, the DoD published an interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS) which implemented the DoD’s initial vision for the program (CMMC 1.0) and outlined the basic features of the framework. 

    In November 2021, the DoD announced CMMC 2.0, an updated and streamlined program structure.

    CMMC 1.0 and 2.0 evolved out of NIST SP 800-171, which provides recommended security requirements for protecting the confidentiality of CUI that resides in nonfederal systems and organizations. 

    In practice, CMMC 2.0 is a new development in the contract requirements placed on the DIB. With our Advanced Security and Compliance Add-on, contractors can easily meet CMMC 2.0 Level 2 file sharing standards and stay aligned with NIST SP 800-171.

    Sharetru has proven an essential tool for government contractors to comply with the managed file transfer regulations published in NIST SP 800-171, so our platform is well equipped to handle CMMC 2.0 and beyond.

    How To Achieve Compliance

    Don’t let organizational file sharing and transfers be an afterthought. Vet file sharing services for compliance ahead of time, and make sure your solution aligns with CMMC guidelines by providing sufficient controls in the areas below.

    Identification and Authentication

    Verify User Identity

    Implement password controls, multi-factor authentication, and identity service integration through SAML 2.0 from the admin console. Strengthen your login security over SFTP with SSH keys instead of risking the loss or theft of passwords.

    Access Control

    Block Unauthorized Users

    Take advantage of folder-level access control to keep users who shouldn’t have access to CUI out of the folders that contain it. Flexible permissions help you put safeguards in place to keep unauthorized users out of your mission-critical systems.

    Physical Protection

    Enjoy Fortress-Like Security

    You can relax knowing that our infrastructure is protected with biometric scanning for access, a man trap for entry, caged infrastructure, and perimeter security including armed guards. Our datacenters keep your data stowed away for your eyes only.

    Audit and Accountability

    Maximize Platform Visibility

    Connect through SFTP and import log data to your SIEM, or export log data through our API. You can view all your reports on one intuitive dashboard to simplify analysis and leverage insights to enhance your cybersecurity efforts.

    System and Communications Protection

    Safeguard Sensitive Data

    Keep administrator roles clearly delineated from user roles for added control and security. Strengthen your authentication processes for SFTP users with IP address restrictions that can be set by protocol and by user.

    NIST SP 800-171

    Protecting CUI in Nonfederal Systems 

    CMMC compliance allows your organization to bid on contracts and establish your organization as one that clients can trust.

    Sharetru provides the controls you need to meet NIST SP 800-171, CMMC 1.0, and CMMC 2.0 Level 2 standards, making it easy for you to implement them in our platform with a simple guidance document that we provide.

    Sensitive federal information residing in nonfederal systems and organizations must be protected. Any breach of this data can directly impact the federal government’s ability to carry out its designated missions and business operations.

    To share CUI, compliance with CMMC 2.0 Level 2 is required. This entails implementing the same 110 controls specified in NIST SP 800-171. While not complying with CMMC doesn’t mean you’ll get fined, it still leads to revenue loss. 

    Preparing for CMMC 2.0

    The CMMC 2.0 announcement included updates to CMMC 1.0 that were designed to enhance cybersecurity protections for all entities in the DIB as well as to streamline protections for contractors already following the NIST SP 800-171 framework.

    Why are they changing it?

    Leveraging feedback from industry leaders, Congress, and other stakeholders, the DoD homed in on the most common themes. Comments on CMMC improvements included:

    • Reducing costs
    • Increasing trust
    • Clarifying and aligning requirements

    What does it cost?

    CMMC 2.0 costs are projected to be significantly lower than before due to the DoD’s initiative to:

    • Streamline requirements at all levels

    • Allow some companies to perform self-assessments

    • Increase oversight of third-party assessments

    The DoD now allows companies to apply for a waiver of CMMC requirements, subject to strict guidelines. Waivers help not only with the flexibility of CMMC implementation but also with the speed. Accelerating individual adoption of CMMC 2.0 will play a major role in overall adoption.

    Has the reasoning or end goal of CMMC changed?

    No. At a high level, the CMMC features are largely unchanged. The three key features of the CMMC framework are still:

    • Tiered model
    • Required assessments
    • Implementation through contracts

    Ready to Exceed Your Compliance Goals?

    Threat actors are getting smarter by the day. Prioritize protected file sharing to ensure sensitive data doesn't fall into the wrong hands and risk your contractor status. See how Sharetru does this for you and more by scheduling a demo today.
