As a contractor in the defense industrial base, you are working to secure and maintain your project commitments with the Department of Defense (DOD). Part of that effort involves standing out from the competition with compliance to CMMC and NIST 800-171.
One tool that can help you close your security gaps is the Federal Enclave, offered by CyberSheath. This enclave functions as part of your security infrastructure that houses CUI and CUI-related projects in compliance with CMMC policies. Leveraging this solution means that your company will not have to bring your entire on-premise infrastructure into the enclave, making it more affordable.
What users in your organization need the Federal Enclave?
The answer is straightforward—all parts of the business that touch, handle or manage CUI. Anything CUI-related should reside in the enclave and should only be accessed from the enclave. With the enclave existing in Azure’s government cloud, users are not tied to an office or to a specific device.
End users are able to log into the enclave from anywhere to send emails that contain CUI, work on CUI projects, access applications they need to modify CUI, and more. Apps that go inside of the enclave include FedRAMP-approved apps, apps used in day-to-day operations that contain CUI, and in some cases email. Most users are going to have a secondary email address that is inside of the enclave, but that’s not always the case as it depends if it is a full migration to the enclave or a secondary greenfield environment.
The more users you have inside of your enclave, the higher the cost, both from a resource and licensing perspective. Only including users who are accessing CUI or CUI projects is the best way to manage costs.
Enclave use cases
The DOD contracts your business handles dictate your usage of the Federal Enclave. Here are a few examples.
- A company that sells accounting software would potentially only have a few enclave users because of potential CUI data in the financial records they have access to.
- An IT firm working on projects for government contracts, would require more users access to the enclave, depending on what government contracts they accept and what users work on those projects.
- Commercial companies that do most of their business in the retail space but still realize a portion of their revenue serving the government would only need that part of their infrastructure that touches government contracts in the enclave.
Keep in mind that protecting CUI is an end-to-end endeavor typically starting with project managers, CTOs, and CIOs. At CyberSheath, as we onboard a company, we scope the exact users/roles requiring enclave access to include anybody who touches CUI—and that goes from the top of the house all the way to the bottom.
Federal Enclave benefits
- Compliance – Enlisting the enclave helps your company demonstrate compliance with CMMC controls that are reviewed during an audit.
- Security – Our enclaves have more controls in place to ensure proper cybersecurity hygiene. Our solution keeps track of audit logs and supports access security for your company better than a commercial or typical user tenant does.
- Ease of use – The CyberSheath Federal Enclave makes it easy for users to log into their desktop and have their second environment look exactly like their normal desktop.
Onboarding to the enclave
For typical users, transitioning to the enclave takes a few months, depending on the scope. In the assessment phase, we take stock of everything and figure out how your organization is structured and where the data and the information resides. This process enables us to develop an enclave timeline.
Sometimes proprietary programs or legacy applications that companies use to handle CUI present a problem. Moving those applications into the cloud can offer the benefit of relieving aging on-premise hardware. If you have a legacy application that you need to gate off, it’s a lot easier to do in the enclave than it is on-premise.
Your company can rely on CyberSheath to deliver the compliance that the Federal Enclave promises. Contact us to get started.