Cybersecurity Maturity Model Certification (CMMC)

How SafeShare Can Help Your Organization Prepare For CMMC Certification

  

If your business or organization is part of the US DoD Defence Industry Database (DIB) supply chain, from the end of 2020 you will be required to achieve CMMC Certification prior to bidding on contracts.

SafeShare’s file sharing and collaboration service is a simple, easy to use and effective way to store, receive and share Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

With SafeShare you can start today and use it immediately to help your organization prepare for Cybersecurity Maturity Model Certification (CMMC).

Granular Access Control – Simple to Use

Easy to use, SafeShare helps you simply manage the policies that define who, where and when access is allowed to your most sensitive data.

The level of access control provided by SafeShare will help embed the policies around the way FCI and CUI is stored, managed and shared.

Access Control can be layered to a granular level for each document by the document owner so policies can be easily maintained.  The document owner does not have to worry about implementing the policy as SafeShare takes care of it for you.

The policy can have either all or some of the controls applied to an individual document or folder. All of the following components inside the policy can be driven, and that level of granularity is unique to SafeShare.

SafeShare’s Access Control Layers 


“Separation of Powers”

Document Owner Controls Access, Not the Administrator  

SafeShare provides true separation of powers over data sharing and access because the document owner controls access over the policies that can be applied to the document, rather than the administrator.   

Documents can have policies automatically applied to them depending on the way the document owner classifies the document, giving the owner control over who can view, edit, download or share the document.

While the administrator can configure classifications and access levels, only the document owner can access a file. This prevents data breaches that can occur when a rogue administrator has access to all sensitive and confidential data.

“Hierarchical Encryption Structure”

One Encryption Key for Each Individual File   

The difference between SafeShare and other common business file sharing tools is that we provide one key for every single file inside of SafeShare, whereas other file sharing tools use volume encryption, so there’s only one access key for all of the files.

SafeShare’s “end-to-end” encryption key for every single document is part of our proprietary system that is based on a hierarchical encryption structure, making its security much more robust than that of the many cloud-based tools currently being used.

Cyber Maturity Levels Required for the Defense Industry Database

Organizations who are part of the Defense Industry Database (DIB) are starting to prepare and plan for the cybersecurity infrastructure, policies and procedures that will need to be in place so they can continue to play their critical role in the supply chain for the US Dept of Defence.

The CMMC is about obtaining a level of maturity in the organization. Regardless of whether your DIB organization needs to achieve Level 1, 2, 3, 4 or 5 CMMC Certification, the journey towards CMMC maturity takes time, because procedures and policies have to be developed, implemented and embedded into daily activities within the organization and its culture.

It is estimated the majority of the DIB will be required to have either Maturity Level 1, 2 or 3 certifications, with approximately 90% of the DIB only needing to reach Maturity Level 1. Maturity Levels 4 and 5 will only apply for a small number of organizations.

SafeShare and the CMMC Model Framework

The CMMC model framework organizes processes, capabilities and cybersecurity best practices within a set of 17 capability domains. It contains five maturity processes and 171 cybersecurity best practices that progress across five maturity levels.

SafeShare is ISO 27001 certified and a cloud-based managed service that runs on FedRAMP infrastructure. This allows you to simply subscribe and access this highly secure service for managing and storing CUI and sharing it with your supply chain partners.

Instituting cybersecurity processes into the CMMC framework ensures all DIB cybersecurity activities are consistent, repeatable, and of high quality. The CMMC domains in blue show which of those domains SafeShare can contribute to.

CMMC Domains
SafeShare can Contribute to CMMC in the Blue Domains

Level 1 – Basic Cyber Hygiene

Level 1 is about basic safeguarding of FCI using practices such as antivirus software or ensuring employees change passwords regularly to protect FCI.

Process maturity is not assessed at level 1 and unless documentation is specified directly in the practice, it is not required.

Of the 17 capability domains in Maturity Level One, SafeShare directly assists with:

  • access control, 
  • audit and accountability, 
  • configuration management, 
  • maintenance, 
  • media protection,
  • physical protection, 
  • recovery, 
  • security assessment,
  • system and communications protection,
  • system and information integrity.

Maturity Level 2 – Intermediate Cyber Hygiene

Maturity Level 2 is a transitional step in cybersecurity maturity progression to protect CUI but you cannot access CUI at this level. Level 2 consists of a subset of the security requirements specified in NIST SP 800-171, as well as practices from other standards and references.

To reach level 2 your company will have to establish and document practices within a domain. The documentation of these practices will enable your organization to execute the CMMC practices in a repeatable manner and to achieve expected outcomes. 

In addition, ML2 requires that your organization has a guiding policy that establishes the objectives and importance of the CMMC domain.

Maturity Level 3 – Good Cyber Hygiene

Level 3 focuses on the protection of CUI – all DIB organizations will now need to achieve CMMC Level 3 certification or above before they can receive CUI in any domain.

To achieve Maturity Level 3 you will need to show your DIB organization has established, maintained, and resourced an institutionalised management plan for CMMC domain activities, such as information on missions, goals, project plans, resourcing, required training, and involvement of relevant stakeholders. 

At Maturity Level 3, you must resource your CMMC activities as defined in the plan.

Maturity Level 4 – Proactive

Maturity Level 4 focuses more on the proactive activities your organization can take to detect, protect and respond to cybersecurity threats. 

The practices required at this level of maturity enhance your organization’s ability to address and adapt to the changing tactics, techniques, and procedures used by advanced persistent threats (APTs). APTs are adversaries that possess sophisticated levels of expertise and significant resources to establish an illicit and undetected long-term presence on your network to mine highly sensitive data.

At Maturity Level 4 your organization must have implemented processes for reviewing and measuring the effectiveness of practices as well as to review and establish practices for effectiveness. You must also take corrective actions when necessary and inform higher level management of status or issues on a recurring basis.  

Maturity Level 5 – Advanced/Progressive

Maturity Level 5 requires standardization and optimization of all process implementation throughout your organization and additional enhanced practices that provide more sophisticated capabilities to detect and respond to APTs.

Your company must develop procedures from standard guidance provided by senior management, communicating and sharing improvement information throughout your entire organization. A company must have standardised and optimized processes in place across the organization.

SafeShare Can Help Your Organization Prepare For CMMC Certification  

SafeShare provides your DIB organization with the IT infrastructure to apply the policies to the real world, as well as giving you the tool to internally assess your progress to the level of CMMC certification you need to achieve.

At Cocoon Data we work with DIB organizations worldwide to navigate government compliance regulations, and we know how challenging it can be for defense contractors to keep up with these regularly evolving compliance requirements. We are fully certified to ISO 27001 and undertake regular external audits to ensure we meet strict, documented standards. 

Contact us to find out how using SafeShare can assist in obtaining your Cybersecurity Maturity Model Certification (CMMC).

Read more on CMMC Compliance Requirements here.
