there are no posts to show...

Helpful Resources


Once you understand what you need to protect Controlled Unclassified Information (CUI) in federal contracts and key considerations for setting up an enclave, it’s time to get started with a solution that best serves your organization.


CyberSheath’s Federal Enclave can meet you at any point of your Cybersecurity Maturity Model Certification (CMMC) journey. Whether your architecture is an all-cloud environment or includes legacy infrastructure, Federal Enclave has a comprehensive feature set that will meet compliance requirements.


With CyberSheath’s Federal Enclave, you have multiple commitment levels based upon your functionality and user needs, and all the tools, licensing, and processes you’ll need in one low monthly price. Extensive conditional access control includes VPNs, endpoint detection and response, log aggregation, multi-factor authentication, private certificates and private domain services, a managed SIEM with SOC support, incident alerting and reporting, and a sophisticated data leak safeguard to detect CUI breaches or incidents.


Let’s take a look at the two levels to Federal Enclave, based on current customer uses and the need to share, collaborate, process, and interface with CUI. Keep in mind that CUI custodial data responsibility doesn’t need to flow actual CUI information in any business process, communications, or applications, but rather can allow for direct links to a protected, directed SharePoint.


Level 1: Data, Sharepoint, Collaboration Windows/Azure Virtual Desktop (option), Full Microsoft Office, OneDrive Storage Capability

This provides a cost-efficient, yet fully compliant option for small- and medium-sized contractors or those with few CUI users.

  • Small datasets and few CUI contracts
  • Generally operate at CMMC 2.0 Level 1/Level 2 and need to quickly become compliant for contracts can allow for Level 3 capabilities
  • Lots of transient workers, like contractors
  • Need to process CUI in Microsoft Office applications and store various documents outside of a shared teams environment.
  • Need to store in individual data files for private use
  • Need secure endpoint access to the enclave


Level 2: Third-Party / Private / Custom Application + Level 1 capabilities

  • All of the attributes in Level 1, plus the need to process CUI in third-party, private or custom applications
  • Micro segment CUI permissions
  • Need many virtual, private, CUI-specific contracts, segments, and customers set up without any interface between them


CyberSheath has helped more than 500 clients discover their compliance starting point and roadmap. Federal Enclave simplifies adherence to the difficult cybersecurity business requirements and puts CyberSheath in your corner to ensure compliance. Learn more about how Federal Enclave can support your organization by registering for CyberSheath’s webinar to launch Federal Enclave on Feb. 23.

Federal Enclave Webinar


When you’re looking to protect Controlled Unclassified Information (CUI), enclaves have several benefits. But how do you actually get started and what should you consider to ensure you’re successful?


Where to establish the enclave boundary

You need a strategy to isolate CUI and Federal Contract Information (FCI), training for users on the enclave, and ongoing monitoring for compliance with organizational policy. Remember that adopting an enclave might mean a duplicate system to isolate CUI and FCI from your other business.


This may incur indirect costs and cause user inconvenience, so consider carefully where to establish the system boundary for Cybersecurity Maturity Model Certification (CMMC) certification.


Practices vs controls

CMMC’s framework doesn’t specify how a security practice should be applied and most of the required practices allow for multiple avenues of successful implementation. There is, however, a requirement for controls within NIST 800-171 and NIST 800-53. This subtlety is another factor you need to consider when your security professionals embark on the CMMC journey.


Educate them around the nuances of practices vs. controls and be sure your external security assessors have completed CMMC training.


CyberSheath’s Federal Enclave accounts for the multiple approaches to compliance and is able to adjust to the different levels of CMMC 2.0, which will likely soon be required of contractors outside the Department of Defense (DoD).


Next steps

CyberSheath has helped more than 500 clients discover their compliance starting point and roadmap. We’re holding a webinar on Feb. 23 that covers these considerations in greater depth and how Federal Enclave helps you ensure compliance. Register now!

Federal Enclave Webinar



CyberSheath Blog

2022 in Review: The CyberSheath Story Expands

This year marked a deluge of messaging about the Cybersecurity Maturity Model Certification (CMMC) and federal contractors were rightfully confused. With our keystone event, CMMC CON, we aimed to set the record straight and offer the best guidance for those in the Defense Industrial Base (DIB).   CMMC CON 2022…

CyberSheath Endorsed by Frost & Sullivan in First Independent Analyst Commentary on CMMC

Independent analyst firms have weighed in with commentary on nearly every discipline of information technology. Security has garnered a large portion of that IT discussion, yet until recently, Cybersecurity Maturity Model Certification (CMMC) compliance has been left out.   Frost & Sullivan changed that by selecting CyberSheath as its preferred…

Be Prepared: CMMC 2.0 Is Coming

Cybersecurity is increasingly important to safeguard your company, your customers, and your partners. We're moving into a global cyber era and we've got to get better at protecting ourselves.   Our adversaries are capitalizing on the lack of security controls in place in the defense industrial base (DIB) and we…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO