CMMC Endpoint Backup with FileCloud

FileCloud is a hyper-secure, enterprise-grade file sharing and data governance solution that is constantly innovating and improving based on three central concepts: security, ease-of-use, and collaboration.

The comprehensive feature stack incorporates compliance support solutions across a variety of regulations and standards, not just CMMC. With tools like data leak protection, data retention policies, role-based access controls, and digital rights management, admins and users are both empowered to contribute to data security without sacrificing efficiency or stifling productivity.

CMMC Endpoint Backup Requirements

Within CMMC 2.0, backup requirements are explicitly addressed in the domain, Media Protection (MP).

Backup security is also implicitly addressed in another CMMC domain, as interpreted by FileCloud. The Maintenance (MA) domain is generally defined within CMMC 2.0 as “manage maintenance.”

The explicit requirements for CMMC Level 2 are focused on:

• equipment sanitization
• media inspection
• nonlocal maintenance
• maintenance personnel

However, the sole Level 1 requirement (MP.L1-3.8.3) is to “Perform Maintenance,” further described as “Perform maintenance on organizational systems.”

Many CMMC requirements are left in these broad terms, because the manner in which the requirement is met can differ across different types of organizations and businesses. A contractor with 10 employees is going to have an entirely different system from an enterprise provider with 10,000. With this in mind, FileCloud can be used to meet an element of this maintenance requirement, in the form of automated endpoint backups within a hyper-secure, encrypted FileCloud instance.

(Want a deeper look at CMMC 2.0 requirements and how FileCloud functions can be mapped to them?
Check out our CMMC 2.0 white paper!)

CMMC 2.0 and the Shared Responsibility Model

FileCloud supports compliance with CMMC 2.0 requirements through a shared responsibility model. What this means is that FileCloud can be leveraged by a client (for example, a Department of Defense subcontractor) to meet many of the cybersecurity requirements for file sharing and data management.

When CMMC is officially rolled out, contractors and subcontractors will be responsible for demonstrating compliance and achieving certification within the CMMC program at a specific level. Once the client has been assessed and certified, they can bid on DoD contracts that match their certification.

CMMC 2.0 addresses both hardware and software cybersecurity best practices. When deployed as an on-premises product, FileCloud can be explicitly configured by the client to meet exact requirements.

In both cases, whether FileCloud is operated as a service or product by the client, it is up to the client to leverage FileCloud in such a way that meets their use case, including CMMC requirements. This is often done in tandem with other tools and technologies, as part of a holistic CMMC compliance solution.

6 Ways FileCloud supports CMMC Compliant Endpoint Backup

1. FileCloud enables encryption at rest and in transit through FIPS mode (certified FIPS 140-2 cryptographic module, CMVP certificate #3338).
2. Self-host FileCloud on-premises or as a private cloud for an all-in-one EFSS solution or as a hybrid proxy (file access overlay) to existing storage infrastructure.
3. Enable authentication mechanisms via two-factor authentication (2FA) enforcement and integration with SAML 2.0 SSO and active directories.
4. Set granular access and sharing permissions to ensure authorized users only have access to the data they need.
5. Activate automated backups for media files, so devices connected to FileCloud will automatically upload media data without manual intervention.
6. Adjust FileCloud’s unlimited versioning to suit specific use cases; leave as is for unlimited file versioning or set version and file size limits to conserve system space.

These are only a few of the security tools and settings in FileCloud that can be leveraged to support CMMC compliance. Dive into FileCloud’s robust security offerings through our dedicated page or by checking out our on-demand demo.