What to Consider When Building an Enclave Compliance Strategy

By Carl Herberger • February 7, 2022

When you’re looking to protect Controlled Unclassified Information (CUI), enclaves have several benefits. But how do you actually get started and what should you consider to ensure you’re successful?

 

Where to establish the enclave boundary

You need a strategy to isolate CUI and Federal Contract Information (FCI), training for users on the enclave, and ongoing monitoring for compliance with organizational policy. Remember that adopting an enclave might mean a duplicate system to isolate CUI and FCI from your other business.

 

This may incur indirect costs and cause user inconvenience, so consider carefully where to establish the system boundary for Cybersecurity Maturity Model Certification (CMMC) certification.

 

Practices vs controls

CMMC’s framework doesn’t specify how a security practice should be applied and most of the required practices allow for multiple avenues of successful implementation. There is, however, a requirement for controls within NIST 800-171 and NIST 800-53. This subtlety is another factor you need to consider when your security professionals embark on the CMMC journey.

 

Educate them around the nuances of practices vs. controls and be sure your external security assessors have completed CMMC training.

 

CyberSheath’s Federal Enclave accounts for the multiple approaches to compliance and is able to adjust to the different levels of CMMC 2.0, which will likely soon be required of contractors outside the Department of Defense (DoD).

 

Next steps

CyberSheath has helped more than 500 clients discover their compliance starting point and roadmap. We’re holding a webinar on Feb. 23 that covers these considerations in greater depth and how Federal Enclave helps you ensure compliance. Register now!

Federal Enclave Webinar

 

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.