CMMC Compliance Framework

Leverage FileCloud as part of your CMMC Compliance Framework

Secure Networking

FileCloud provides support for network integration with Active Directory, LDAP, and SSO. The platform also integrates network shares with NTFS permissions to provide better data access control. Users can view, upload, download, share, sync, and manage data while complying with CMMC 2.0 requirements.

Cloud Platform Services

Organizations can host and manage data on-premises or in a private cloud with FileCloud. Meet CMMC requirements for file sharing and data management while improving collaboration across remote teams within a hyper-secure cloud platform.

Account Management

FileCloud admin controls include tools such as audit logs, centralized device management, data governance controls, public and private file sharing, and much more. Role-based access controls (RBAC) can also be set up by the admin to enable authenticated and verified permissions for different roles.

Learn how FileCloud enables CMMC 2.0 file sharing and data management!

FileCloud has received the Gartner Peer Insights Customers’ Choice Distinction for the fifth consecutive time!

92% of our customers would recommend us to a friend.

Rating Stars Image

4.6

CMMC Compliance Framework

(Cybersecurity Maturity Model Certification)

The CMMC or Cybersecurity Maturity Model Certification program is a certification framework launched by the US Department of Defense that classifies cybersecurity maturity into different levels. Each level incorporates increasingly complex and secure functionalities or security objectives. These levels establish a framework for cybersecurity.

Once the program is officially rolled out, all DoD contracts will be labeled with a specific CMMC level. Any Defense Industrial Base (DIB) contractor or subcontractor wishing to bid on that contract must be certified in the requisite level (or higher). By enforcing this program, the DoD will be able to verify that contractors and subcontractors have the capability to protect FCI (Federal Contract Information) or CUI (Controlled Unclassified Information).

CMMC Levels

The DoD has released an updated CMMC compliance framework, referred to as CMMC 2.0. This framework establishes three levels of progressively increasing cybersecurity requirements. Each level is keyed to independent standards: Federal Acquisition Regulation (FAR) 52.204-21 and NIST 800-171 and 800-172 requirements.
CMMC 2.0 Levels

Level 1 – Foundational: involves FCI not for public release and aligns with 15 controls from FAR 52.204-21 “basic” controls; contractors must complete annual certifications and self-assessments.
Level 2 – Advanced: involves dealing with CUI and aligns with 110 NIST 800-171 controls; contractors must complete annual self-assessments and triennial reviews by a Certified Third-Party Assessor Organization (C3PAO).
Level 3 – Expert: involves dealing with CUI, and aligns with 110 NIST 800-171 controls, plus 24 NIST 800-172 controls; contractors must complete triennial, government-led assessments.

Creating a CMMC Compliance Framework

The DoD, which oversees the CMMC program, estimates that most DIB contractors will require Level 2 certification. However, many popular file sharing programs do not support CMMC Level 2 requirements for storing and sharing CUI.

FileCloud, on the other hand, is a powerful, hyper-secure solution that can be leveraged by DIB contractors to store, share, and govern public data, FCI, and CUI.

Leading Defense Contractors Choose FileCloud

Organizations processing critical data benefit by storing data in-house to minimize data security threats and meet compliance requirements. However, they often need to be able to collaborate on and share data with project stakeholders and subcontractors.

FileCloud is a robust file sharing solution that can easily integrate with existing IT systems to boost efficiency and security and help meet CMMC requirements. When deployed as an on-premises solution, organizations can use FileCloud Server as a primary file storage and access system or as an overlay for legacy storage and network shares. Within FileCloud, admins and users alike can take advantage of powerful tools and settings to protect data while collaborating remotely.

FileCloud Admin Dashboard

FIPS 140-2 Compliant Encryption

Ensure that confidential and sensitive data remains secure, whether at rest or in transit, by running FileCloud in “FIPS mode.” This NIST-compliant deployment enforces a FIPS 140-2 cryptographic module. Data at rest is secured with AES 256-bit encryption and data in transit is secured by an HTTPS certificate (SSL/TLS).

Powerful & Intuitive Interface

FileCloud operates with a familiar cloud-like infrastructure, making this solution easy to deploy and use for admins and users. The admin dashboard enables single-pane-of-glass management, and the user portal makes it easy for employees to collaborate with internal and external contacts securely.

Ransomware, Malware, and Virus Protection

Built-in antivirus scanning and malware detection ensures that files uploaded to FileCloud are scanned for potential threats before being admitted to the environment. Admins can also integrate with preferred antivirus providers and leverage unlimited file versioning to roll back files and limit data loss in the event of a ransomware breach.

Authentication Controls

FileCloud supports CMMC requirements for access and permission verification through tools such as two-factor authentication (2FA) enforcement, password strength requirements, Single Sign-on (SSO) integration, and user policies.

Granular File & Folder Sharing

Admins can set up Team Folders to create a shared digital workspace for authorized users in the FileCloud instance, with granular permissions for folders and sub-folders. This enforces the Zero Trust principle of Least Privilege in that users only have access to the data they need. Users can also leverage Zero Trust File Sharing (encrypted file container) or share with specific permissions (read, write, share, delete, manage).

Metadata Management & Automated Classification

FileCloud’s content management system is based on metadata; admins can manage metadata by enabling default or built-in sets (including PII, PCI, or PHI) or by creating custom metadata sets to suit unique organization needs. Once metadata is activated, admins can then set up content classification rules, so that any data introduced to the system is scanned by the classification engine and tagged with metadata.

Smart Data Leak Prevention (DLP)

With Automated Content Classification enabled in FileCloud, admins can create DLP rules triggered by metadata. This Smart DLP system effectively automates the application of DLP to sensitive data. Admins can create rules to either deny or permit with notification to suit unique needs and protect data from unauthorized access.

Digital Rights Management (DRM)

For even greater control over data, even beyond the traditional network boundary, FileCloud supports Digital Rights Management (DRM). Users can share files with DRM protections, either through a DRM client download or directly through the web browser.

Remote Device Management

FileCloud supports remote access for globally distributed teams with or without reliable network access. Alongside this accessibility, FileCloud empowers admins to monitor all connected devices. If an admin notes suspicious activity or a user reports a lost or stolen device, the admin can proactively protect the system by blocking the device and user account. They can also wipe all FileCloud data from the device.

Audit & Accountability

FileCloud tracks all activity within the environment and stores this information in comprehensive audit logs. These logs identify who (user) did what (file/folder activity), where (IP address), when (timestamp), and how (browser, mobile app, desktop client). These audit logs are unchangeable and can be exported as CVS files for internal and external review.

Start Free Trial!

CMMC 2.0 & FileCloud - A Shared Responsibility Model

FileCloud provides a wide array of tools and settings within the platform to support CMMC 2.0 compliance. An organization can leverage these tools and adjust settings to suit their business needs while meeting compliance requirements.

In line with the shared responsibility model, admins and end-users of the organization are responsible for implementing suitable capabilities and managing and maintaining the environment where FileCloud is hosted to ensure that CMMC requirements are being met.

CMMC Awareness and Training

To complement your internal employee training, FileCloud provides extensive information on best security practices through our robust resource library. This library includes a comprehensive white paper on CMMC 2.0 and how FileCloud functionalities map to compliance requirements.

Read our CMMC 2.0 White Paper.

FileCloud also offers additional support resources through the following:

FileCloud University: admin and end-user training videos.
Support Plans: select between Base, Premium, or Extended.
Professional Services: Configuration and deployment assistance, plus live training support from FileCloud.

Frequently Asked Questions (FAQs)

What is CMMC compliance?

CMMC stands for Cybersecurity Maturity Model Certification. This is a program organized and enforced by the US Department of Defense (DoD) to ensure that any Defense Industrial Base (DIB) entity processing FCI or CUI has implemented a minimum standard of cybersecurity.

Why is CMMC required?

The DoD entrusts DIB contractors with critical data, which puts them at risk of being targeted by cybercriminals or nation states. To protect national security interests, the DoD created the CMMC program to standardize a minimum level of cybersecurity requirements that contractors must meet in order to bid on DoD contracts.

Who needs CMMC compliance?

Any DIB contractor or subcontractor wishing to bid on a DoD contract must have been assessed and awarded a specific level of certification to match the contract requirements.

What is CMMC 2.0?

CMMC 2.0 streamlines CMMC 1.0 requirements from five levels to three. These levels include progressively complex cybersecurity requirements, which are keyed to independent standards (FAR and NIST). CMMC 2.0 also removes additional requirements that were unique to CMMC 1.0.

Do cloud services need to be CMMC compliant?

Cloud service providers are not certified by the CMMC program. The program assesses and certifies DIB contractors, subcontractors, and entities based on their cybersecurity capabilities and processes compared to the requirements for a specific CMMC level. However, a DIB entity may include cloud services (such as FileCloud) as part of their CMMC compliance strategy to meet specific requirements.

Worldwide

FileCloud

CodeLathe Technologies Inc.
dba FileCloud
125 Park Avenue FL 25
New York, NY 10017-5550

Fax: +1 (866) 824-9584

Europe

FileCloud Technologies Limited

Ducart Suite,
Castletroy Park Commercial Centre, Castletroy,
Limerick, Ireland

Copyright © FileCloud. All Rights Reserved.

Please select your country

SUBMIT