CMMC Asset Management with FileCloud
FileCloud is a powerful CMMC asset management solution, designed with hyper-security and collaboration in mind. The platform supports asset storage and sharing to ensure that Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) are processed by contractor environments that comply with CMMC requirements.
What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) is a certification program managed by the US Department of Defense (DoD), with the goal of enforcing a minimum standard for cybersecurity across all IT environments processing sensitive government assets.
The DoD is one of the top targets for hackers and cybercriminals due to the nature of the assets under management. Yet no department can be entirely self-sufficient. The DoD is a prime example, relying on interactions with government departments, public-sector organizations, and external companies and contractors.
Participation in the CMMC Program
Any Defense Industrial Base (DIB) contractor planning to bid on a DoD contract will need to carry out an assessment of their IT infrastructure. Provided that requirements are met, the contractor will be certified with a specific CMMC level. They will then permitted to bid on contracts that match their CMMC level.
Per CMMC 2.0, the program offers three certification levels for DIB companies. Contracts will be awarded according to a specific CMMC-level. Certification assesses 14 distinctive security domains, with specific requirements in each domain for the three levels. These levels are organized around pre-existing, independent standards, namely Federal Acquisition Regulation (FAR) 52.204-21 and NIST 800-171 and 800-172 requirements (streamlined from previous requirements documented in CMMC 1.0).
Comparison Between CMMC 1.0 and CMMC 2.0 Models. Source: DoD Chief Information Officer
Special Exemptions to CMMC Requirements
With CMMC 2.0, the DoD introduced waivers and temporary exemptions for DIB contractors who are either in the process of completing CMMC assessment or to exclude specific CMMC requirements for select contractors carrying out mission-critical operations.
- Plan of Actions and Milestones (POA&M): contractor must achieve a baseline number of requirements prior to contract award; the remaining requirements must be addressed in the POA&M with clearly defined timetable.
- Waivers: Senior DoD leadership may permit a specific contractor involved in mission-critical operations to exclude CMMC requirements for a duration of time.
CMMC Asset Management with FileCloud
CMMC asset management is the process of tracking and managing assets within an organization, with the specific goal of achieving or maintaining complying with CMMC requirements. This management process includes assessing and optimizing hardware and software components that make up a company’s IT infrastructure.
FileCloud offers a powerful solution to CMMC asset management through its hyper-secure content collaboration and data governance platform. The environment can be self-hosted on private, on-premises infrastructure or connected to a private cloud. The DIB contractor maintains control over assets and access, with built-in tools to support certification requirements.
12 FileCloud Features that Support CMMC Asset Management
- FIPS 140-2 compliant encryption for data at rest and in transit
- Zero Trust File Sharing®
- Comprehensive audit reports
- Role-based access controls (admin-users)
- Active Directory and LDAP integration
- Remote device management, with remote wipe and user blocking capabilities
- 2FA, SSO, and SIEM integrations
- Endpoint backup
- Data Leak Prevention(DLP)
- Custom metadata sets and automated content classification
- Digital Rights Management
- Workflow Automation