Support Contact
Why Sharetru?
Platform
Features
Compliance
Industry
Pricing
Resources
Start Free Trial
    Start Free Trial
      SECURE FILE TRANSFER AND EXTERNAL SHARING—SIMPLIFIED FOR CMMC AND DFARS.

      FedRAMP Moderate Authorized File Sharing for Defense Contractors

      You need a bulletproof way to share sensitive files—inside and outside your org—without triggering audit flags, creating access risks, or building it yourself.

      Start Free 14-Day Trial Book a Demo

      CMMC-Ready. Audit-Proof. No Stack to Build.

      When you're in the Defense Industrial Base, secure file sharing isn’t optional — it’s contract-critical. But standing up a compliant infrastructure to handle CUI or meet DFARS 7012? That's months of work, hundreds of controls, and potentially high costs.

      That’s why Sharetru exists.

      We’re a FedRAMP Moderate Authorized Service Offering through the Joint Authorization Board (JAB) — meaning you can inherit our controls, skip the stack, and get compliant fast.

      White-check

      CMMC Advanced?

      Covered.

      White-check

      DFARS 252.204-7012?

      Covered.

      White-check

      NIST SP 800-171?

      Covered.

      White-check

      Body of Evidence? Not needed — just reference the Package ID.

      Quote_Icon

      “Our prime contractor was already pushing CMMC controls down on us — even though we technically weren’t required to comply yet. We showed the FedRAMP Package ID for our file sharing and transfer system, passed that section of the audit, and moved forward without delay.”

      — Alicia M., Director of Cyber Compliance, Aerospace Subcontractor

      Download Icon

      Downloading our Fedramp Verification Quick Guide

      Download Now
      Military & Aerospace Manufacturing

      Built for Subcontractors, Not Just the Primes

      You don’t need a security army to meet CMMC Advanced for File Sharing — you just need Sharetru. We’ve spent 20+ years building a platform designed for regulated industries, and now we’ve put it all behind a FedRAMP Moderate JAB authorization so you don’t have to.

      Why It Works:

      • Turnkey Compliance: Inherit our IaaS, PaaS, and SaaS controls for file transfer instead of building your own.
      • Unlimited User Option: Scale your team, primes, and subcontractors at no extra cost.
      • Audit-Ready Logs: Every access, every action, already logged and exportable.
      • Encryption, MFA, SIEM Integration: No bolt-ons. It’s all included.

      What Real-World Challenges do we help you solve?

      External-File-Sharing-That-Passes-Audits-Gradient22

      External File Sharing That Passes Audits

      Problem: Defense contractors must share CUI with prime contractors, subcontractors, and government agencies, but most file-sharing methods fall short when it comes to compliance and auditability.

      Solution: Sharetru delivers:

      • Encrypted file transfers (TLS 1.3+, AES-256 at rest)
      • FIPS 140-3 Encryption modules
      • Tamper-proof, exportable logs 
      • Role-based access and user groups
      • Optional clickwrap agreements to control risk
      JAB-Gradient2

      Achieving CMMC for File Sharing and Transfer Without Building It in-house

      Problem: You’re being told to implement 110+ controls… but you don’t have an army of IT staff.

      Solution: Sharetru satisfies the cybersecurity requirements under DFARS 252.204-7012, including:

      • Inherited controls from our FedRAMP Moderate SaaS authorization
      • A Customer Responsibility Matrix (CRM) aligned to NIST 800-171
      Proving-Compliance-to-Prime-Contractors-Gradient2

      Proving Compliance to Prime Contractors

      Problem: You’re asked to show compliance before the contract is even awarded.

      Solution: Sharetru arms you with:

      Controlled-HTTPS-SFTP-FTPS-Access-Gradient2

      Controlled HTTPS/SFTP/FTPS Access

      Problem: A defense subcontractor needed to share CUI with external partners via HTTPS, SFTP and FTPS, but lacked the ability to enforce access by protocol or restrict by IP — a key requirement during a prime contractor security audit.

      Solution: Sharetru enabled secure, compliant file transfers with layered controls tailored to each partner’s access method and security profile.

      • Protocol Restrictions – Enforced HTTPS, SFTP or FTPS access per user
      • IP Address Allow-listing – Limited connections to approved networks
      • Granular Folder Permissions – Scoped access to only the required data sets
      Quote_Icon

      “Sharetru gave us compliant SFTP and FTPS access with IP and protocol restrictions — no infrastructure to manage, and exactly what our primes needed to see.”

      — Mark E., IT Director, Defense Engineering Services Firm

      Feature Benefit
      FedRAMP Moderate (JAB) Streamlines Compliance
      Unlimited Users No per-user pricing. Scale access freely.
      Folder-Specific Permissions Control access at the user or group level
      Audit-Ready Logs Meet CMMC, NIST, and DFARS standards
      SIEM & SSO-Ready Identity Management and Real Time Visibility
      100% U.S.-Owned & Operated Domestic infrastructure, no offshore handling
      Quote_Icon

      We didn’t need to build anything. Sharetru gave us compliant file movement on Day 1.”

      — Tom R., IT Director, DoD Tech Manufacturer

      portrait-of-business-people-in-meeting-room

      Why Defense Contractors Use Sharetru Alongside Microsoft GCC and GCC High

      We’re not here to replace GCC or GCC High — and we never will be.

      Sharetru is purpose-built to complement your Microsoft environment by filling the gaps in secure file transfer and external sharing workflows. While Microsoft focuses on collaboration, email, and document creation, we focus on the secure movement of sensitive files, especially when compliance and access control are non-negotiable.

      Quote_Icon

      “GCC High is our system of record. Sharetru is our system of transfer. The two work in harmony — and we finally have confidence that our CUI exchanges are compliant.”

      — Brian K., CISO, DoD Subcontractor

      Here’s why many DIB contractors use use both GCC and Sharetru, side by side:

      Challenge Microsoft GCC/GCC High Sharetru
      External Sharing Complex permissions, high risk square-check-regular Designed for secure file exchange across orgs
      Audit-Ready Logs Disparate, not always exportable square-check-regular Centralized, immutable logging & reporting
      User Management Limited external control square-check-regular Fine-tuned access, roles, and notifications
      FedRAMP-Covered File Transfer Not FedRAMP without extensive configuration square-check-regular JAB-Authorized file movement & storage
      SIEM & IAM Integration Native, but focused on O365 data square-check-regular Works with Microsoft Sentinel & Entra ID
      Quote_Icon

      “We kept GCC High for email and document editing, but we needed a compliant file exchange platform. Sharetru handles our secure file transfers—without the admin chaos.”

      — David T., IT Director, Defense Tech Manufacturer

      Plug Sharetru Right Into Your Microsoft Ecosystem

      No rip-and-replace. Sharetru slots directly into your Microsoft security architecture:

      Microsoft-Sentinel-Integration
      Microsoft Sentinel Integration

      Stream real-time syslogs and file activity into your existing SIEM with full security event correlation.

      Entra-ID-Integration
      Entra ID (Azure AD) Integration

      Federate access management and SSO with your Microsoft identity provider.

      Quote_Icon

      “Being able to integrate Sharetru into Sentinel and Entra ID was huge. We didn’t have to change anything upstream for internal users—just got better visibility and tighter access control.”

      — Danielle H., Cybersecurity Manager, Defense Systems Integrator

      Frequently Asked Questions

      F.A.Q.

      What is FedRAMP and why does it matter for file sharing?

      FedRAMP is a U.S. government program that standardizes security for cloud services. If you’re handling CUI, FCI, or sensitive data, a FedRAMP Authorized platform ensures compliance, reduces risk, and simplifies audits.

      Is Sharetru FedRAMP Moderate Authorized?

      Yes. Sharetru is FedRAMP Moderate Authorized at the IaaS, PaaS, and SaaS levels under a JAB-ATO — the most rigorous path to authorization.

      What is a JAB-ATO and why is it better than an agency ATO or FedRAMP equivalency?

      A JAB-ATO is backed by the DoD, DHS, and GSA and grants reciprocity across agencies and frameworks like CMMC. Unlike equivalency claims, it eliminates the need to produce a Body of Evidence or submit your own SSP/POA&M.

      Is the Sharetru Federal environment pre-configured for FedRAMP requirements?

      Yes. Sharetru Federal is pre-configured to meet all FedRAMP Moderate controls. There’s no lengthy setup — it’s ready for use on Day 1.

      What type of encryption does Sharetru Federal use?

      Sharetru uses FIPS 140-3 validated encryption modules: TLS 1.3 in transit and AES-256 at rest. All files, metadata, and backups are encrypted.

      Can I use Sharetru to exchange or store CUI, CDI, CTI, or FCI?

      Yes. Sharetru supports secure transfer and storage of all regulated data types, including CUI, CDI, CTI, and FCI — aligning with DFARS and NIST 800-53 rev 5.

      Will Sharetru help me with documentation for my SSP or POA&M?

      No need. Since Sharetru Federal is already FedRAMP Authorized under a JAB-ATO, no additional documentation other than our package ID number (which can be found on the FedRAMP marketplace) is required from you to justify our inclusion in your technology stack.

      Does Sharetru limit the number of users or charge for bandwidth?

      No. Sharetru offers unlimited users and unmetered bandwidth on the Complete Plan.

      What’s the difference between Sharetru’s Advanced Security platform and Sharetru Federal?

      Advanced Security meets high standards (HIPAA, PCI, and SOC 2 Type II) but is not FedRAMP Authorized. Sharetru Federal is authorized and pre-built for customers with CUI, FCI, or federal contract compliance needs.

      Can Sharetru help us pass a CMMC audit or meet DFARS 7012 requirements?

      Yes. Because Sharetru Federal is FedRAMP Moderate Authorized under a JAB-ATO, it aligns with all 110 NIST SP 800-171 controls, and all 325 controls + objectives for NIST SP 800-53. This means it directly supports CMMC Level 2 requirements and offers complete reciprocity, reducing the burden on your internal team. Our hosting also meets DFARS 252.204-7012 for incident reporting, encryption, and log retention.

      Is Sharetru approved for use by government contractors and subcontractors?

      Yes. Sharetru Federal is used by Tier 1–3 defense contractors, research labs, and manufacturers that need to comply with CMMC, ITAR, and DFARS 252.204-7012.

      Does Sharetru support Single Sign-On (SSO) and MFA?

      Yes. Sharetru integrates with SAML 2.0 identity providers and supports MFA enforcement using app-based authenticators.

      Does Sharetru support SFTP, FTPS, and large file transfers?

      Yes. Sharetru includes native SFTP, FTPS, and FTPeS — with no file extension restrictions — enabling the secure transfer of CAD files, technical drawings, encrypted data, and more.

      Does Sharetru support SIEM or audit log integration?

      Yes. Sharetru supports SIEM integrations via syslog and API for Splunk, Sentinel, and other platforms, helping you meet FedRAMP and CMMC logging requirements.

      How long does it take to get started with Sharetru Federal?

      You can be live in as little as 1 business day. There’s no custom configuration or infrastructure setup needed — everything is FedRAMP-ready out of the box.

      Is Sharetru U.S.-hosted and U.S.-staffed?

      Yes. Sharetru Federal is hosted in a U.S. FedRAMP datacenter and operated exclusively by U.S. Persons — meeting ITAR and export control requirements.

      How does Sharetru compare to GCC High or DISA environments?

      GCC High is for communication and productivity apps. Sharetru is purpose-built for secure file sharing and transfer. We complement GCC High and serve contractors who don’t need to share files externally.

      What industries use Sharetru Federal?

      Sharetru is trusted by Aerospace, Defense, Electronics, R&D, and Healthcare organizations that need to securely share and store sensitive data under strict regulatory control.

      Ready-to-Make-Compliance-Simpler?

      Ready to Make
      Compliance Simpler?

      You don’t need to build a security stack. You just need to transfer files the right way.

      Book a Demo Executive's Guide to Securing Supply Chains