{"id":30040,"date":"2021-04-15T04:36:02","date_gmt":"2021-04-15T09:36:02","guid":{"rendered":"https:\/\/www.filecloud.com\/blog\/?p=30040"},"modified":"2025-05-09T07:41:36","modified_gmt":"2025-05-09T12:41:36","slug":"understanding-cmmc-compliance-using-filecloud","status":"publish","type":"post","link":"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/","title":{"rendered":"Understanding CMMC Compliance Using FileCloud"},"content":{"rendered":"<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-30043\" src=\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2021\/04\/CMMC.png\" alt=\"CMMC\" width=\"552\" height=\"368\"><\/p>\n<p><em>This post was originally published on April 15, 2021 and updated to discuss CMMC 2.0 changes on April 13, 2022.\u00a0<\/em><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_63 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#What_is_CMMC\" title=\"What is CMMC?\">What is CMMC?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#Why_is_CMMC_important\" title=\"Why is CMMC important?\">Why is CMMC important?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#Key_Takeaways_for_CMMC\" title=\"Key Takeaways for CMMC\">Key Takeaways for CMMC<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#Five_Levels_of_Maturity\" title=\"Five Levels of Maturity\">Five Levels of Maturity<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#17_Domains_of_Security_Requirements\" title=\"17 Domains of Security Requirements\">17 Domains of Security Requirements<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#Conclusion\" title=\"Conclusion\">Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"What_is_CMMC\"><\/span>What is CMMC?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span dir=\"ltr\">CMMC is a certification standard used by the US Government to audit third-party compliance with NIST SP 800-171<\/span><span dir=\"ltr\">. DoD third-party organizations have been required to comply with NIST 800-171 since January <\/span><span dir=\"ltr\">1, 2018. However,\u00a0<\/span><span dir=\"ltr\">the U.S. Department of Defense (DoD) has struggled with a low rate of NIST 800-171 compliance across the Defense Industrial Base.\u00a0<\/span><\/p>\n<p><span dir=\"ltr\">CMMC was created in January 2020 to address that systemic issue of non-compliance by both primaries and their subs. Furthermore, CMMC was intended to fill a gap in 3rd-party auditing capabilities to support NIST 800-171 compliance requirements, which was not available prior.\u00a0<\/span><\/p>\n<p><span dir=\"ltr\">\u00a0The first iteration of CMMC (also referred to as CMMC 1.0) was designed with an \u201cassessments framework\u201d in mind. This framework was modeled on five levels of maturity, which are covered in detail below. This is the current operating level of CMMC compliance. CMMC 2.0 has been developed in response to an internal review following public commentary regarding the September 2020 \u201cCMMC 1.0\u201d interim rule. <\/span><\/p>\n<p><span dir=\"ltr\">Following the internal review, the DoD published an Advance Notice of Proposed Rulemaking (ANPRM) on November 17, 2021. The proposed changes comprise CMMC 2.0 and will take effect after the rulemaking process is completed (anywhere from 9 to <a href=\"https:\/\/federalnewsnetwork.com\/defense-news\/2021\/11\/cmmc-2-0-could-take-as-long-as-two-years-to-come-online\/\">24 months<\/a> from November 2021.) For more information on CMMC 2.0 requirements, check out our <a href=\"https:\/\/www.filecloud.com\/blog\/2022\/01\/changes-coming-to-cmmc-in-2022-with-cmmc-2-0#.Ylb3uejMJPY\">blog post<\/a>. <\/span><\/p>\n<p><span dir=\"ltr\">However, since CMMC 1.0 is still in effect as an interim rule, here is everything you need to know about the requirements and how FileCloud can help meet them. (You can also download our CMMC white paper <a href=\"https:\/\/www.filecloud.com\/compliance-security-topics-on-filecloud\">here<\/a>.)<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Why_is_CMMC_important\"><\/span>Why is CMMC important?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span dir=\"ltr\">The Center for Strategic and International Studies estimates that the total global cost of cybercrime was is approaching $1 trillion, as of the <a href=\"https:\/\/www.csis.org\/analysis\/hidden-costs-cybercrime\">survey<\/a> conducted in 2020<\/span>. The DoD is enforcing a risk-management approach to improve cybersecurity measures of third-party partners by asking them to obtain the Cybersecurity Maturity Model Certification (CMMC). This certification is designed to improve the protection of Controlled Unclassified Information (CUI) and Federal Contract information (FCI), and the certification applies to DoD contractors.<\/p>\n<p>CMMC measures an organization\u2019s approach to protect FCI and CUI. CUI is information that requires protection or audit controls according to federal law, regulations, and government policies. FCI is information provided by or generated by the government under a contract to develop or deliver a product or service to the government, not intended for public release.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Key_Takeaways_for_CMMC\"><\/span>Key Takeaways for CMMC<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>All companies conducting business with the DoD, including subcontractors, must be certified.<\/li>\n<li>The CMMC is expected to combine relevant portions of various cybersecurity standards, such as NIST SP 800-171, NIST SP 800-53, ISO 270001, and ISO 27032, into one unified standard for cybersecurity.<\/li>\n<li>Contractors will be required to be certified by a third-party auditor.<\/li>\n<li>Certification levels of contractors will be made public, though details of specific findings will not be publicly accessible.<\/li>\n<li>Contractors must clearly document practices and procedures with those requirements that already comply with CMMC practices or processes.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Five_Levels_of_Maturity\"><\/span>Five Levels of Maturity<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Depending on your company and the business you conduct with the DoD will decide which level (1\u20135) you need.<\/p>\n<ul class=\"q-box\">\n<li class=\"q-relative\"><strong>Level 1 \u2013 Basic Cyber Hygiene<\/strong>: Includes basic cybersecurity suitable for small companies having a subset of universally accepted common practices. The processes at this level would include some basic performed cybersecurity practices. This level has 35 security controls that must be implemented successfully.<\/li>\n<li class=\"q-relative\"><strong>Level 2 \u2013 Intermediate Cyber Hygiene<\/strong>: Includes universally accepted cybersecurity best practices. Practices at this level should be documented, and access to CUI\u00a0 will require multi-factor authentication. This level includes an additional 115 security controls on top of Level 1.<\/li>\n<li class=\"q-relative\"><strong>Level 3 \u2013 Good Cyber Hygiene<\/strong>: Includes coverage of all NIST SP 800-171 Rev. 1 controls and additional practices beyond the scope of current CUI protection. Processes at this level are maintained, and there is a comprehensive knowledge of cyber assets. This level requires an additional 91 security controls on top of those covered in Levels 1 and 2.<\/li>\n<li class=\"q-relative\"><strong>Level 4 \u2013 Proactive<\/strong>: Includes advanced and sophisticated cybersecurity practices. The processes at this level are periodically reviewed, properly resourced, and are improved regularly across the enterprise. In addition, the defensive responses operate at high speed and there is a knowledge of all cyber assets. This level has an additional 95 controls on top of the first three Levels.<\/li>\n<li class=\"q-relative\"><strong>Level 5 \u2013 Advanced \/ Progressive<\/strong>: Includes highly advanced cybersecurity practices. The processes involved at this level include continuous improvement across the enterprise and defensive responses performed at high speed. This level requires an additional 34 controls.<\/li>\n<\/ul>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-30046\" src=\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2021\/04\/CMMC-5-levels.png\" alt=\"5 levels of CMMC\" width=\"1082\" height=\"669\"><\/p>\n<p>\u00a0<\/p>\n<h2><span class=\"ez-toc-section\" id=\"17_Domains_of_Security_Requirements\"><\/span>17 Domains of Security Requirements<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The CMMC model consists of 17 domains, 14 of which are derived from the Federal Information Processing Standards (FIPS) Publication 200 and NIST 800-171<\/p>\n<ol>\n<li>Access Control<\/li>\n<li>Asset Management<\/li>\n<li>Audit and Accountability<\/li>\n<li>Awareness and Training<\/li>\n<li>Configuration Management<\/li>\n<li>Identification and Authentication<\/li>\n<li>Incident Response<\/li>\n<li>Maintenance<\/li>\n<li>Media Protection<\/li>\n<li>Personnel Security<\/li>\n<li>Physical Protection<\/li>\n<li>Recovery<\/li>\n<li>Risk Management<\/li>\n<li>Security Assessment<\/li>\n<li>Situational Awareness<\/li>\n<li>System and Communication Protection<\/li>\n<li>System and Information Integrity<\/li>\n<\/ol>\n<p>FileCloud identifies loopholes in critical security controls according to your desired CMMC maturity level for each of the 17 domains and creates clear instructions for both improving your security position and meeting <a href=\"https:\/\/www.filecloud.com\/blog\/2025\/03\/guide-to-cmmc-2-0-requirements\/\">CMMC requirements<\/a>. We will go through several domains and let you know how FileCloud helps you comply.<\/p>\n<p><strong>Access Control<\/strong> \u2013 FileCloud supports integration with Active Directory, LDAP, and SSO. In addition, FileCloud integrates your Network Shares with NTFS permissions to provide you with better access control of the data your users are allowed to view, upload, download, share, sync, or manage. Within FileCloud you can create users and groups and assign permissions and policies to them to allow or prevent them from accessing your data. FileCloud also supports DLP and granular folder permissions.<\/p>\n<p><strong>Asset Management \u2013 <\/strong>FileCloud\u2019s\u00a0Centralized Device\u00a0Management allows you to view all the\u00a0devices that have access to\u00a0FileCloud\u00a0using\u00a0our mobile and desktop clients.\u00a0FileCloud\u00a0also includes functionality for creating\u00a0reports of these devices to aid you in\u00a0creating your inventory report.<\/p>\n<p><strong>Audit and Accountability \u2013<\/strong>FileCloud\u2019s\u00a0auditing capabilities enable\u00a0you to review who, when, where, and\u00a0what is involved each time\u00a0FileCloud\u00a0is\u00a0accessed.\u00a0FileCloud\u00a0also supports SIEM (blah) integration. FileCloud\u2019s\u00a0data governance capabilities\u00a0allow you to apply multiple retention\u00a0rules to avoid the deletion of auditable\u00a0records you want to store in\u00a0FileCloud.<\/p>\n<p><strong>Awareness and Training \u2013<\/strong>To complement your internal employee training, FileCloud provides you with extensive information about applying best security practices while using FileCloud.\u00a0 FileCloud also offers end\u2013user training.<\/p>\n<p><strong>Configuration Management- <\/strong>FileCloud contains multiple configuration\u00a0capabilities including but not limited to\u00a0centralized device management,\u00a0content classification,\u00a0DLP,\u00a0global policies,\u00a0specific device configuration policies,\u00a0Customization,\u00a0Data Governance,\u00a0user password enforcement,\u00a0private sharing permissions,\u00a0granular folder level permissions, etc.<\/p>\n<p><strong>Identification and Authentication-<\/strong>Besides\u00a0FileCloud\u2019s\u00a0proprietary user\u00a0authentication,\u00a0FileCloud\u00a0supports\u00a0integration with Active Directory, LDAP,\u00a0and SSO.\u00a0FileCloud\u00a0also supports Duo Security\u00a0integration and 2FA.<\/p>\n<p><strong>Incident Response-<\/strong>FileCloud\u2019s\u00a0data governance dashboard\u00a0displays potential rule violations such as\u00a0DLP violations or retention policy\u00a0violations.\u00a0FileCloud\u00a0workflows enable you to\u00a0automate report generation, device\u00a0approval, and other tasks.<\/p>\n<p><strong>Maintenance- <\/strong>Using FileCloud workflows, administrators have the ability to perform automatic maintenance tasks within FileCloud, for example, deleting files after a specified amount of time or disabling users who have not accessed FileCloud in a specific amount of time. FileCloud also supports automatic audit log trimming and exporting to a location defined by the administrator.<\/p>\n<p><strong>Media Protection-<\/strong>FileCloud\u2019s antivirus integration via ClamAV or ICAP protocol enables you to verify the integrity of files as they are uploaded. FileCloud\u2019s DLP provides you with granular control over your data. FileCloud supports in\u2013transit encryption via HTTPS\/SSL.<\/p>\n<p><strong>Personnel Security-<\/strong>FileCloud\u2019s smart classification and DLP\u00a0enable you to classify your data based on\u00a0DLP rules that deny or allow downloads or\u00a0sharing.<\/p>\n<p><strong>Recovery- <\/strong>The FileCloud Server Backup tool creates\u00a0backs up your data automatically.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>For your organizations to be CMMC Compliant, they must implement encrypted file sharing solutions. The end-user is responsible for utilizing suitable FileCloud capabilities as well as managing and maintaining the environment where FileCloud is being hosted to ensure the CMMC requirements are being met.<\/p>\n<p>FileCloud\u00a0is the commercial of the shelf software solution that\u00a0helps businesses securely share, manage, and govern enterprise\u00a0content.\u00a0FileCloud\u00a0software provides the necessary capabilities for\u00a0organizations to obtain <a href=\"https:\/\/www.filecloud.com\/blog\/2025\/03\/guide-to-cmmc-2-0-compliance-checklist-2025\/\">CMMC compliance<\/a>.<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><em>References<\/em><\/p>\n<p><em>Accellion CMMC Compliance Guide<\/em>. (n.d.). ACCELLION. Retrieved 2021, from https:\/\/www.accellion.com\/sites\/default\/files\/resources\/wp-accellion-cmmc-compliance-guide.pdf<\/p>\n<p>Carey, B. (2020, May 11). Prepare for CYBERSECURITY Maturity Model certification (cmmc). Retrieved April 06, 2021, from https:\/\/blog.rapid7.com\/2020\/04\/15\/preparing-for-the-cybersecurity-maturity-model-certification-cmmc-part-1-practice-and-process\/<\/p>\n<p>Center for Strategic and International Studies (CSIS) &amp; www.mcafee.com. (2018, February). Economic Impact of Cybercrime\u2014 No Slowing Down. Retrieved April 6, 2021, from https:\/\/csis-website-prod.s3.amazonaws.com\/s3fs-public\/publication\/economic-impact-cybercrime.pdf<\/p>\n<p><em>Cybersecurity Maturity Model Certification (CMMC)<\/em> (Vol. 1). (2020). Carnegie Mellon University and The Johns Hopkins University Applied Physics Laboratory LLC.<\/p>\n<p>DoD Cybersecurity Audits are Coming: Here\u2019s how to prepare. (2021). Retrieved April 06, 2021, from https:\/\/www.sysarc.com\/services\/managed-security-services\/cybersecurity-maturity-model-certification-cmmc-guide-for-dod-contractors<strong>\/<br \/>\n<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post was originally published on April 15, 2021 and updated to discuss CMMC 2.0 changes on April 13, 2022.\u00a0 What is CMMC? CMMC is a certification standard used by the US Government to audit third-party compliance with NIST SP 800-171. DoD third-party organizations have been required to comply with NIST 800-171 since January 1, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[284,20],"tags":[1612,1609,310,1615,1618],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v20.13 (Yoast SEO v20.13) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Understanding CMMC Compliance Using FileCloud - FileCloud blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Understanding CMMC Compliance Using FileCloud\" \/>\n<meta property=\"og:description\" content=\"This post was originally published on April 15, 2021 and updated to discuss CMMC 2.0 changes on April 13, 2022.\u00a0 What is CMMC? CMMC is a certification standard used by the US Government to audit third-party compliance with NIST SP 800-171. DoD third-party organizations have been required to comply with NIST 800-171 since January 1, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/\" \/>\n<meta property=\"og:site_name\" content=\"FileCloud blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/tonidopage\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-15T09:36:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-09T12:41:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2021\/04\/CMMC.png\" \/>\n<meta name=\"author\" content=\"Team FileCloud\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@getfilecloud\" \/>\n<meta name=\"twitter:site\" content=\"@getfilecloud\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Team FileCloud\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/\"},\"author\":{\"name\":\"Team FileCloud\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935\"},\"headline\":\"Understanding CMMC Compliance Using FileCloud\",\"datePublished\":\"2021-04-15T09:36:02+00:00\",\"dateModified\":\"2025-05-09T12:41:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/\"},\"wordCount\":1459,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#organization\"},\"keywords\":[\"Asset Management\",\"CMMC\",\"Data Governance\",\"DoD\",\"Risk Management\"],\"articleSection\":[\"data governance\",\"FileCloud\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/\",\"url\":\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/\",\"name\":\"Understanding CMMC Compliance Using FileCloud - FileCloud blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#website\"},\"datePublished\":\"2021-04-15T09:36:02+00:00\",\"dateModified\":\"2025-05-09T12:41:36+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.filecloud.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Understanding CMMC Compliance Using FileCloud\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#website\",\"url\":\"https:\/\/www.filecloud.com\/blog\/\",\"name\":\"FileCloud blog\",\"description\":\"Topics on Private cloud, On-Premises, Self-Hosted, Enterprise File Sync and Sharing\",\"publisher\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.filecloud.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#organization\",\"name\":\"FileCloud\",\"url\":\"https:\/\/www.filecloud.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg\",\"contentUrl\":\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg\",\"width\":155,\"height\":40,\"caption\":\"FileCloud\"},\"image\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/tonidopage\",\"https:\/\/twitter.com\/getfilecloud\",\"https:\/\/www.linkedin.com\/company\/codelathe\",\"https:\/\/www.pinterest.com\/filecloud\/filecloud\/\",\"https:\/\/www.youtube.com\/channel\/UCbU5gTFdNCPESA5aGipFW6g\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935\",\"name\":\"Team FileCloud\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g\",\"caption\":\"Team FileCloud\"},\"sameAs\":[\"http:\/\/www.filecloud.com\"],\"url\":\"https:\/\/www.filecloud.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Understanding CMMC Compliance Using FileCloud - FileCloud blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/","og_locale":"en_US","og_type":"article","og_title":"Understanding CMMC Compliance Using FileCloud","og_description":"This post was originally published on April 15, 2021 and updated to discuss CMMC 2.0 changes on April 13, 2022.\u00a0 What is CMMC? CMMC is a certification standard used by the US Government to audit third-party compliance with NIST SP 800-171. DoD third-party organizations have been required to comply with NIST 800-171 since January 1, [&hellip;]","og_url":"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/","og_site_name":"FileCloud blog","article_publisher":"https:\/\/www.facebook.com\/tonidopage","article_published_time":"2021-04-15T09:36:02+00:00","article_modified_time":"2025-05-09T12:41:36+00:00","og_image":[{"url":"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2021\/04\/CMMC.png"}],"author":"Team FileCloud","twitter_card":"summary_large_image","twitter_creator":"@getfilecloud","twitter_site":"@getfilecloud","twitter_misc":{"Written by":"Team FileCloud","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#article","isPartOf":{"@id":"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/"},"author":{"name":"Team FileCloud","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935"},"headline":"Understanding CMMC Compliance Using FileCloud","datePublished":"2021-04-15T09:36:02+00:00","dateModified":"2025-05-09T12:41:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/"},"wordCount":1459,"commentCount":0,"publisher":{"@id":"https:\/\/www.filecloud.com\/blog\/#organization"},"keywords":["Asset Management","CMMC","Data Governance","DoD","Risk Management"],"articleSection":["data governance","FileCloud"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/","url":"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/","name":"Understanding CMMC Compliance Using FileCloud - FileCloud blog","isPartOf":{"@id":"https:\/\/www.filecloud.com\/blog\/#website"},"datePublished":"2021-04-15T09:36:02+00:00","dateModified":"2025-05-09T12:41:36+00:00","breadcrumb":{"@id":"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.filecloud.com\/blog\/understanding-cmmc-compliance-using-filecloud\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.filecloud.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Understanding CMMC Compliance Using FileCloud"}]},{"@type":"WebSite","@id":"https:\/\/www.filecloud.com\/blog\/#website","url":"https:\/\/www.filecloud.com\/blog\/","name":"FileCloud blog","description":"Topics on Private cloud, On-Premises, Self-Hosted, Enterprise File Sync and Sharing","publisher":{"@id":"https:\/\/www.filecloud.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.filecloud.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.filecloud.com\/blog\/#organization","name":"FileCloud","url":"https:\/\/www.filecloud.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg","contentUrl":"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg","width":155,"height":40,"caption":"FileCloud"},"image":{"@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/tonidopage","https:\/\/twitter.com\/getfilecloud","https:\/\/www.linkedin.com\/company\/codelathe","https:\/\/www.pinterest.com\/filecloud\/filecloud\/","https:\/\/www.youtube.com\/channel\/UCbU5gTFdNCPESA5aGipFW6g"]},{"@type":"Person","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935","name":"Team FileCloud","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g","caption":"Team FileCloud"},"sameAs":["http:\/\/www.filecloud.com"],"url":"https:\/\/www.filecloud.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts\/30040"}],"collection":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/comments?post=30040"}],"version-history":[{"count":9,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts\/30040\/revisions"}],"predecessor-version":[{"id":36461,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts\/30040\/revisions\/36461"}],"wp:attachment":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/media?parent=30040"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/categories?post=30040"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/tags?post=30040"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}