Fixing CMMC and NIST 800-171 Compliance on “The Virtual CISO Podcast” from Pivot Point Security

Bad news for organizations competing for US Department of Defense (DoD) contracts—the most popular SaaS email and file sharing platforms that SMBs are so widely using, including Microsoft Office 365, Google G Suite, Dropbox, Box and many others, do not meet the NIST 800-171 or CMMC security requirements that DoD contractors must comply with. What’s to be done?

If your business needs to comply with CMMC or NIST 800-171—or is simply interested in maximizing email and file sharing security—this technology is a potential game-changer you need to be aware of.

Firms in the US Defense Industrial Base (DIB) that participate in US Department of Defense (DoD) contracts currently need to comply with the NIST SP 800-171 information security framework. They also need to move toward compliance with the new Cybersecurity Maturity Model Certification (CMMC) standard, which focuses explicitly on protecting Controlled Unclassified Information (CUI) at its Maturity Levels 3 and above.

Both NIST 800-171 and CMMC levels 3 to 5 (required for handling CUI), along with even more stringent regulations like the International Traffic in Arms Regulations (ITAR), mandate strict controls around encryption, data import/export, access to data by US citizens only, and other restrictions that commercial cloud offerings like Microsoft Office 365, Google G Suite, Dropbox and many others explicitly do not meet.

To achieve and maintain compliance, DoD suppliers could potentially implement a wide range of specific administrative settings (e.g., Active Directory integration, password policies, account creation, 2FA access, etc.) within an on-premises Microsoft Office environment. Alternatively, they can migrate to Microsoft’s GCC High cloud environment, a costly and time-consuming process. Both these options may be untenable for SMBs short on money and/or time.

What’s a better way to implement “Aerospace & Defense compliant” email and file sharing systems? That’s exactly the question we answer in the latest episode of The Virtual CISO Podcast from Pivot Point Security.

This deep-dive show features Sanjeev Verma, Chairman and co-founder of PreVeil, a Boston-based cybersecurity vendor that offers a low-cost, highly secure email and file sharing solution that complements Office 365 and is a great fit for CMMC compliance. John Verry, Pivot Point Security’s CISO and Managing Partner, hosts the podcast.

Issues discussed include:

  • Why commercial SaaS solutions don’t meet DoD requirements for handling CUI
  • The time, cost and specific steps associated with moving both large and small organizations from Office 365 to GCC High
  • How PreVeil works across various use cases to make current Office 365 environments CMMC-compliant
  • The massive security benefits of an end-to-end encryption model
  • Why all DIB companies are now active combatants in a war, and what that means for US national security and their individual security postures

To listen to this episode at any time, along with any of the prior episodes in The Virtual CISO Podcast series, visit this page.

About Pivot Point Security
Since 2001, Pivot Point Security has been helping organizations understand and effectively manage their information security risk. We work as a logical extension of your team to simplify the complexities of security and compliance. We’re where to turn—when InfoSec gets challenging.
