Support Nearly 90% of Level 2 Practice Requirements Out of the Box
Deploy Kiteworks for a big head start in the race to comply with CMMC Level 2. The platform itself checks the boxes for defense in depth, such as built-in hardening, encryption of data and metadata, and zero trust between services. Simply select the policies you need, such as least-privilege access controls and separation of duties to prevent unauthorized access, and leverage its comprehensive, centralized logging and reporting to prove compliance to auditors.
Ease Deployment With FedRAMP Moderate Authorization
Avoid the time and cost of proving your cloud platform meets 325 NIST 800-53 security controls—critical to CMMC—by adopting one the U.S. federal government has already approved: FedRAMP Moderate Authorized. Unlike using “FedRAMP equivalent” vendors, you won’t need to show it complies with requirements for regular pen tests, employee screening, strong encryption, physical security, incident response plans, and many others.
Safeguard CUI With Centralized, Comprehensive Access Controls
Efficiently administer a single set of user roles and policies to protect all the communication channels the Kiteworks platform consolidates. Reduce inadvertent or malicious CUI exposure with default least-privilege access controls over folders, emails, SFTP, managed file transfer (MFT) flows, and forms, as well as clients, functions, repositories, and domains. And no matter what deployment option you choose, Kiteworks employees never have access to content in your Kiteworks system.
Protect CUI With Seamless Encryption and Data Protection Integrations
Kiteworks encrypts CUI with strong ciphers in transit and at rest. End-users email and share files with partners from wherever they work, in Outlook, in Office, on the web or mobile, or with plugins to enterprise applications. They never have to worry about keys or certificates because the platform manages them invisibly behind the scenes. Prevent the spread of leaks or malware, however, by automatically scanning files with DLP, ATP, and AV.
Simplify Audits and Hold Malicious Actors Accountable With Unified Logging and Reporting
Depend on the comprehensive, immutable audit trail Kiteworks provides for all user, automated, and admin activities, including all actions on content, permissions, and configuration. Analyze, alert, and report on the events using built-in tools, or forward to your SIEM via syslog or the Splunk Forwarder for deeper analysis.
Tightly Manage Configurations to Maintain Security
The Kiteworks hardened virtual appliance follows the principle of least functionality required for CMMC compliance by exposing only a few essential ports, with all nonessential services disabled. Further, the server prevents users and administrators from accessing the operating system or installing software, enforces strict separation of duties, and logs every configuration change. And when you prepare for audits, it provides the reporting you need to validate configurations and documented controls.