Over 300,000 DoD contractors and subcontractors can address almost 90% of CMMC 2.0 Level 2 requirements out of the box.

Palo Alto, Calif., August 25, 2022 – Kiteworks, the leading platform for ensuring regulatory compliance and effectively managing risk with every send, share, receive, and save of sensitive content, announced today that the Kiteworks platform makes it easy for organizations to achieve Cybersecurity Maturity Model Certification (CMMC) 2.0 compliance. CMMC 2.0 is an enhanced version of CMMC 1.0. Kiteworks enables organizations to be compliant with nearly 90% of the current practices delineated in CMMC 2.0 Level 2. This removes many of the CMMC barriers facing contractors and subcontractors that conduct business with the U.S. Department of Defense, enabling them to demonstrate CMMC 2.0 compliance in weeks versus months.

CMMC 2.0 applies to all contractors and subcontractors—which total more than 300,000—that engage directly with the DoD. The DoD launched CMMC to safeguard sensitive national security information. It is a comprehensive framework for organizations sending, sharing, receiving, and storing sensitive content with the DoD.

The initial version of CMMC was implemented in November 2020, with an updated program structure and requirements under CMMC 2.0 released in November 2021. CMMC 2.0 consolidates the five levels under CMMC 1.0 into three—Foundational (Level 1), Advanced (Level 2), and Expert (Level 3). Level 2 aligns with National Institute of Standards & Technology (NIST) 800-171, and Level 3 will align with NIST SP 800-172 when it is released. Compliance with CMMC 2.0 certifies that organizations have the commensurate protections in place to manage risk associated with handling and processing of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). CMMC 2.0 simplifies the CMMC standards and provides additional clarity on cybersecurity regulatory and other requirements. It institutes best practices, controls, and assessments to confirm that DoD contractors and subcontractors are compliant with CMMC 2.0.

Kiteworks-enabled Private Content Network Delivers Extensive CMMC 2.0 Coverage

“CMMC 2.0 compliance is critically important to hundreds of thousands of DoD contractors and subcontractors,” said Frank Balonis, CISO and Senior Vice President of Operations at Kiteworks. “The Kiteworks platform provides them with out-of-the-box compliance that streamlines and automates sensitive content communications with the DoD. Kiteworks provides them with robust digital communications of confidential DoD data that is both private and compliant. The complexity of annual and perennial audits to demonstrate CMMC compliance is also streamlined—which can be a cumbersome and time-consuming process.”

The Kiteworks platform empowers DoD contractors and subcontractors to unify sensitive content communications into dedicated Private Content Networks (PCNs) and to institute automated policy controls and tracking and cybersecurity protocols that align with CMMC 2.0 practices. Some of the core capabilities in Kiteworks that enable rapid CMMC 2.0 compliance include:

  • Consolidation of secure email, file sharing, file transfer, managed file transfer, web forms, and application programming interfaces (APIs) into one platform that unifies metadata
  • Certification with key U.S. government compliance standards and requirements that include FedRAMP and SOC 2
  • Validated by the National Institute of Standards and Technology (NIST) for FIPS 140-2 compliance
  • Enable sensitive content communications compliance with regulations and standards such as NIST SP 800-171 and NIST SP 800-172, among others
  • FedRAMP Authorized for moderate level information provides out-of-the-box compliance with CMMC 2.0 Level 2 and over 300 governance controls
  • Protects CUI with enterprise-grade security such as file-level AES 256-bit encryption and key rotation, a fingerprint algorithm for proving file integrity, comprehensive password management, and more
  • Single point of integration for security investments used to protect sensitive data communications under CMMC 2.0 practices
  • Trusted solution engineers and customer success managers and specialists to help design and manage security and compliance in Private Content Networks

Optiv Delivers Rapid Value for Organizations Seeking CMMC 2.0 Compliance

“Organizations within the Defense Industrial Base are experiencing an exponential rise in threats from nation-states, criminal organizations, insiders, and hacktivists, causing a threat to not only sensitive data but to our national security as well,” said James Turgal, Vice President of Cyber Risk, Strategy, and Board Relations at Optiv, the cyber advisory and solutions leader that has delivered strategic and technical expertise to nearly 6,000 organizations across every major industry. “In response to this threat environment, CMMC was created to secure and ensure our supply chain is kept safe and operational. When it comes to CMMC 2.0, Optiv will meet our clients where they are, creating a solution that enables them to easily and quickly demonstrate compliance with each of the individual practice areas, without having to completely restructure their processes and operations.”

Optiv’s CMMC services assist organizations in preparing for audit and review by an accredited assessor. Meeting CMMC 2.0 requirements without slowing down business is a daunting challenge. Optiv’s CMMC Readiness Support team helps businesses think through a fully integrated federal business strategy. In addition to the practice requirements, Optiv guides businesses through their business growth, regulatory compliance, contract compliance, and operational needs to design an efficient, effective, sustainably compliant, and scalable solution.

CMMC 2.0 demands a holistic, organizational response. Many organizations view this as another compliance check-the-box requirement, not realizing the impact CMMC can exert on their company if implemented without considering their broader business. Optiv:

  • Advises on a strategic approach tailored to an organization’s federal business strategy
  • Provides CMMC readiness reviews, including corresponding compliance package artifacts
  • Develops actionable roadmaps with remediation recommendations, should a business require maturation to meet their certification level goals
  • Designs unique, comprehensive CMMC Programs, including the administrative, managerial, and technological components
  • Delivers end-to-end security strategy and implementation offerings to support a business’ maturity efforts

Optiv’s end-to-end Strategy & Transformation offerings provide support and insight as organizations mature their security operations, no matter where they are on their journey. Optiv seeks to be its clients’ security solutions partner, pulling together their strategic, technical, and operational challenges into one cohesive solution. Optiv seeks to design simple, tailored solutions for complex problems.

Optiv’s CMMC methodology follows an Advise, Deploy, and Operate model for providing cybersecurity assurance:

  • Advise and strategize an approach that works for a business, developing a national security and FCI/CUI/CTI protection strategy that is effective and efficient
  • Deploy policies, processes, and a technology stack to comply with CMMC 2.0 requirements
  • Operate and continuously monitor the information security boundary designed to protect sensitive data

Optiv has taken a proactive approach to CMMC since the release of this security regulatory framework in 2020. Optiv has been active in the marketplace by providing thought leadership and performing readiness assessments and remediation services for clients to help them prepare for CMMC 2.0. Optiv’s team of highly skilled professionals is trained in cybersecurity and possesses high levels of knowledge and experience in security assurance. To learn more about Optiv’s CMMC 2.0 service offerings, visit the company’s CMMC website.

For more information on how a Kiteworks-enabled private content network facilitates CMMC 2.0 alignment and compliance, visit the Kiteworks website. 

Additional Resources

Guide: CMMC 2.0 Compliance Mapping for Sensitive Content Communications: How Kiteworks Satisfies Almost 90% of the Level 2 Practice Requirements

Video: Kiteworks’ CISO and SVP of Operations Frank Balonis explains why CMMC 2.0 is important and how Kiteworks simplifies compliance of sensitive content communications.

Kiteworks  

Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.

Optiv Security: Secure greatness.™

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to more than 7,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.

Media Contact 

Ian Sturgeon
Sturgeon Creative
(303) 902-2834
ian@sturgeoncreative.com

About Accellion

The Accellion enterprise content firewall prevents data breaches and compliance violations from sensitive third party communications. With Accellion, CIOs and CISOs gain complete visibility, compliance and control over IP, PII, PHI, and other sensitive content across all third-party communication channels, providing secure email, secure file sharing, secure mobile file sharing, enterprise app and Microsoft Office plugins, secure web forms, secure file transfer like SFTP, and enterprise workflow automation. Accellion has protected more than 25 million end users at more than 3,000 global corporations and government agencies, including NYC Health + Hospitals; KPMG; Kaiser Permanente; National Park Service; Tyler Technologies; and the National Institute for Standards and Technology (NIST). For more information please visit www.accellion.com or call (650) 485-4300. Follow Accellion on: LinkedIn, Twitter, and Accellion’s Blog.