CMMC 2.0 Updates: Using FileCloud to Support Certification

May 2, 2024

In the ever-evolving landscape of cybersecurity compliance, the Department of Defense (DoD) continues to refine its Cybersecurity Maturity Model Certification (CMMC) program. With CMMC 2.0 updates, contractors and subcontractors face new challenges and opportunities in meeting stringent cybersecurity standards.

Here we'll explore the latest updates to the CMMC program, the current requirements outlined by CMMC 2.0, and how FileCloud can help organizations prepare for certification.

Understanding CMMC 2.0 Updates: What's New?

Those who have been keeping an eye on the DoD’s CMMC program will have noted the significant overhaul represented by CMMC 2.0. However, because the program is not yet finalized, there may be additional changes for assessment and certification.

Streamlined Requirements for CMMC 2.0

This current version reduces the program’s complexity by cutting out two in-between certification tiers and by streamlining requirements laid out by supporting standards:

Table of CMMC 2.0 Levels

Flexible Assessment and Certification Processes

The CMMC 2.0 updates did more than streamline requirements (specifically, eliminating CMMC-specific requirements that did not appear in either FAR 52.204-21 or NIST 800-171/800-172). The updated program also incorporates a more flexible and objective approach for assessments and certifications.

Third-Party Oversight: The increased focus on third-party assessor oversight will help ensure the integrity and reliability of certification assessments. This step aims to enhance accountability and maintain the credibility of the certification process.

Certification Roadmaps: CMMC 2.0 introduced waivers and Plans of Action & Milestones (POA&M). These options provide organizations with greater flexibility and tailored approaches to meet certification requirements. These changes will ensure that CMMC implementation can meet Defense Industrial Base (DIB) contractors where they are currently. While building up to certification, roadmaps can account for an entity’s unique organizational structures and resource constraints.

Looking Ahead to CMMC 2.0 Rollout

On December 26, 2024, the DoD submitted Rule Proposal 88, FR 89058. The public commentary period closed on February 26, 2024. The rulemaking process is expected to continue through 2024 and possibly 2025.

In the meantime, all CMMC pilot programs have been suspended. Certification is not required for any contract until rules have been finalized. The final rules will include a 60-day public comment period prior to implementation. There may be additional requirements in the finalized CMMC program.

However, because CMMC 2.0 is based on existing requirements (FAR 52.204-21 and NIST 800-171), DIB contractors handling CUI are expected to have cybersecurity solutions in place before CMMC rollout.

Leveraging FileCloud to Support CMMC 2.0 Updates

Achieving compliance with CMMC 2.0 updates requires comprehensive cybersecurity measures, including robust data governance and secure file management practices. FileCloud, a hyper-secure enterprise file sharing and sync solution, can play a crucial role in helping organizations meet CMMC 2.0 requirements.

Data Encryption

FileCloud utilizes advanced encryption protocols to ensure the confidentiality and integrity of sensitive data.

With these encryption settings, organizations can securely share and store classified information, meeting requirements for protecting Controlled Unclassified Information (CUI).

Access Controls

FileCloud enables organizations to implement granular access controls, allowing administrators to manage user policies and restrict access to sensitive files and folders.

Granular controls also extend to folders, sub-folders, and files:

By enforcing least privilege principles, organizations can mitigate the risk of unauthorized access and data breaches, aligning with CMMC requirements for access control.

Image of FileCloud user interface, file sharing options

Auditing and Reporting

FileCloud offers comprehensive auditing and reporting capabilities, allowing organizations to track user activity and monitor file access in real time. Audit logs are unchangeable and can be exported as CSV files for internal or external review.

Furthermore, admins can manage connected devices remotely, wiping data or blocking users if a device is lost, stolen, or otherwise suspected to be compromised.

This visibility enables organizations to demonstrate compliance with CMMC requirements for monitoring and accountability, facilitating the certification process.

Secure Collaboration

With FileCloud, organizations can facilitate secure collaboration and file sharing, both internally and externally.

Team Folders serve as secure digital workspaces, where departments and teams can share files, coordinate on changes, and even work on documents in real time. Integrations with Google Docs and Microsoft 365 provide a seamless online interface. Collaboration can take place within the secure environment, without the need to download, edit, and reupload.

UI of FileCloud, open files with Google Docs

Additionally, users can set notifications, add comments, and @mention other users to ensure nothing slips through the cracks. For even greater efficiency, particularly for repetitive administrative or logistical tasks, users can create their own automated workflows with the easy-to-use, built-in workflow builder.

Last but not least, FileCloud offers unlimited external guest accounts, at no additional charge. Internal agencies can extend their secure FileCloud environment to stakeholders outside their institution. This serves to protect data from exposure or breach. Admins can create Data Leak Prevention (DLP) rules to enforce restrictions on sharing or downloading certain types of CUI.

Planning for CMMC 2.0 and Beyond

Organizations will continue to upgrade their systems and processes in line with CMMC 2.0. However, it is important to implement the right kinds of tools and technologies.

Cybersecurity will only continue to develop and expand, in response to the burgeoning cyberthreats that test existing defenses. These tests are already expanding to include AI penetration and phishing software-as-a-service tools. DIB organizations cannot afford to function without a risk management strategy while navigating the turbulent waters of government contract requirements and compliance standards.

FileCloud offers a comprehensive solution for secure data management and collaboration within the wider scope of risk management. By leveraging FileCloud, organizations can meet many of the stringent cybersecurity controls outlined in CMMC 2.0 and support a robust strategy of preparedness for optimal success.


Interested in learning more about CMMC 2.0 and how FileCloud supports compliance? Check out our in-depth white paper, which includes a comprehensive matrix on CMMC 2.0 domains and requirements, mapped to FileCloud functionalities.

Want to explore FileCloud for yourself? You can register for a trial or schedule a demo with one of our solutions experts.

By Katie Gerhardt

Jr. Product Marketing Manager