CMMC Compliance: What It Is and Why It Matters
Organizations within the Defense Industrial Base (DIB) must meet strict cybersecurity standards when handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), as established by Executive Order 13556.
Prior to the development of the CMMC program, these requirements were spread across several US federal standards. DIB contractors were expected to implement technical controls to comply with the Federal Acquisition Regulation (FAR) 52.204-21, NIST 800-171, and/or NIST 800-172.
The Cybersecurity Maturity Model Certification (CMMC) program streamlines these federal standards across three levels of progressively increasing cybersecurity controls. Contractors and subcontractors working with the Department of Defense are required to achieve certification before they can bid on contracts, and those contracts must match their CMMC level.
CMMC Model Infographic published by the DoD Chief Information Officer
The Department of Defense (DoD) oversees the CMMC program and anticipates that most DIB contractors will require Level 2 certification. However, many popular file sharing programs do not support CMMC Level 2 requirements for storing and sharing CUI.
FileCloud provides a secure enterprise file sharing platform that helps organizations support CMMC compliance when managing regulated files. With strong encryption, identity-based access controls, and detailed auditing capabilities, FileCloud helps organizations protect sensitive data across distributed teams and partners.
FileCloud Deployment Options to Support CMMC Compliance
Different organizations supporting the defense supply chain have different infrastructure and security requirements. FileCloud supports CMMC compliance across two deployment models while delivering the same secure collaboration experience.
FileCloud Server
FileCloud Server is a self-hosted deployment that allows organizations to run FileCloud within their own infrastructure. This deployment option is often preferred by organizations that require maximum control over their environment. This model enables organizations to maintain full control over their infrastructure while implementing secure collaboration capabilities required for CMMC compliance.
FileCloud Server can be deployed:
- On-premises within secure data centers
- In private cloud infrastructure such as AWS or Azure
- Within isolated or restricted networks used for defense workloads
FileCloud FedRAMP
Organizations seeking a secure cloud deployment can use FileCloud FedRAMP, a FedRAMP High authorized cloud environment designed for organizations working with federal data.
FileCloud FedRAMP is hosted through the FedHIVE platform, which provides continuous monitoring, real-time threat detection, and incident reporting capabilities required for highly regulated government environments.
This deployment option allows contractors to leverage a secure cloud platform while supporting the security expectations associated with CMMC compliance.
FileCloud Security Controls for CMMC Requirements
