Compliance Managed Service
Fast, Cost Effective CMMC Compliance
In order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB), the Department of Defense (DoD) is migrating to the new Cybersecurity Maturity Model Certification (CMMC) framework.
Almost every company executing business with the DoD will need to adhere to the appropriate level of this new standard to continue to secure contracts with the DoD. Ensuring basic cyber hygiene and protecting controlled unclassified information (CUI) is now a pre-contract award requirement and requires verification through an independent, on-site third-party audit. Non-compliance means no contract, no revenue.
Fully Managed Compliance Delivered in a Cloud-Enabled Enclave
Leverage the power and security of the industry’s first CMMC enclave, designed specifically for defense contractors throughout the DIB. Our CMMCEnclave meets the challenging needs of CMMC certified third-party assessing organizations (C3PAO), managed security service providers (MSSP), managed services providers (MSP), and CMMC registered provider organizations (RPO).
The solution enables defense contractors to quickly take advantage of a Microsoft Azure-based cloud-enabled tenant. With this offering from CyberSheath, you can leverage a trusted team of experts to help prevent, detect, respond, and hunt for threats in your environment. The result is that your customers know that your business is both compliant and secure.
Meet CMMC regulation by first understanding what is required to protect your CUI.
Allowing businesses to operate in a compliant manner by providing high value custodial security of CUI while having minimum business interruptions to process, procedures and people.
Our CMMCEnclave for Defense Contractors delivers:
A turnkey solution, compliant with NIST 800-171, CMMC, and DFARS
Our CMMCEnclave is complete with managed CMMC and NIST governance, managed IT security, and managed IT. It allows your business to continue to operate in a compliant manner and provides high value custodial security of Controlled Unclassified Information (CUI) while having minimum business interruptions to people, process, and procedures. We provide a fully managed CMMC/DFARS-compliant Microsoft Azure GCC High or GCC tenant on a tenant-by-tenant basis.
First-ever CMMCEnclave with optional management of multi-levels of CMMC
Integrated DFARS governance allows for proper policy and procedure processes around CUI custodianship. This approach allows for lower immediate and ongoing costs, decreased complexity, and future-proofed compliance. The CMMCEnclave supports:
- Meeting the requirements of the 130 controls of CMMC Maturity Level 3 (ML3)
- Limiting organizational controlled CUI data sprawl and driving role-based allowances to CUI
- Establishing a technical program on how to deal with other CUI-custodial suppliers to your client organizations
Best visibility and self-service of compliance governance
The new custom-built dashboard leverages the technology of the world’s leading companies in compiling data and facilitating visibility into compliance. CMMCEnclave includes an innovative, world-class dashboard which provides your clients with near instantaneous access to the following information:
- Current compliance status
- Inventory of DFARS compliance artifacts and evidence
- Current security threat landscape and incident levels
- Most recent version and documentation of the System Security Plan (SSP)
- Accurate, timely performance of CMMC enclaves or regimes
- Supply chain assessment
CMMC compliance and IT security must be a team effort.
Our shared responsibility model for CMMC attestation is fundamental to our partnership with clients. This management framework dictates the security obligations of a CMMC compliance environment and its users to ensure proper accountability. As detailed in this rubric, CyberSheath takes ownership of assured CMMC compliance. Your organization will be tasked with other important functions to meet our mutual goal of gaining or leveling up CMMC compliance.
Apply CMMCEnclave to DoD Cybersecurity Requirements
Select the use case commitment level appropriate for the functionality and user needs of each of your business areas.
Data, Collaboration Sharepoint-only
This secure SharePoint enclave can be hosted in GCC High or a commercial cloud depending on whether data is subject to export. This approach is perfect for small customers with small datasets, few CUI contracts, and lots of transient workers as it is cost-effective while still meeting compliance requirements. It makes sense for CMMC Level 1 and 2 companies and can allow for Level 3 capabilities.
Windows Virtual Desktop (VD), Microsoft Office and Microsoft Apps-Only
This approach is secured using Active Directory partitions and Windows Virtual Desktop. Desktops are shared, but data security is enforced to CMMC compliance standards. Great for users who only access Office applications, Sharepoint Online, and OneDrive, there is no option to host private application servers.
Level 2 plus Requirement for Private Applications
Customers are segregated on private network segments with network security boundaries adding security beyond Active Directory partitioning. Desktops are private and only accessed by a single company. There is an option available for private application servers on the customer network segment. This approach works well for users looking for an affordable cloud platform while needing to use custom applications or file servers.
Contract-By-Contract Tenancy or Full Business Enclavement
In this approach, all servers and desktops reside in the client’s MS Azure tenant. Users access the environment using corporate credentials. It is the most expensive option, as all components including Active Directory are completely private. Companies can host any applications or files in their environment and can optionally connect the enclave to their corporate infrastructure.