Compliance Regulation

Compliance Regulations Reference # Requirement Data Defense Secure SSD
CAVP Cert A2978 Cryptographic Algorithm Validation Program of Cigent PBA Software X X
CMMC L3 Cert A3301 Encrypt CUI on mobile devices and mobile computing platforms. X X
CMMC L3 MA.3.115 Ensure equipment removed for off-site maintenance is sanitized of any CUI. X
CMMC L3 MP.3.123 Prohibit the use of portable storage devices when such devices have no identifiable owner. X X
CMMC L3 MP.3.124 Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. X X
CMMC L3 MP.3.125 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. X X
CMMC L3 PE.3.136 Enforce safeguarding measures for CUI at alternate work sites. X X
CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. Q1/CY23 X
CMMC L3 SC.3.182 Prevent unauthorized and unintended information transfer via shared system resources. X X
CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. X X
CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. X X
CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. X X
CMMC/NIST 800-171 (Control Family) Access Control (Partial) X X
CMMC/NIST 800-171 (Control Family) Audit and Accountability (Partial) X X
CMMC/NIST 800-171 (Control Family) Configuration Management (Partial) X X
CMMC/NIST 800-171 (Control Family) Identification and Authentication X X
CMMC/NIST 800-171 (Control Family) Incident Response (Partial) X X
CMMC/NIST 800-171 (Control Family) Media Protection X X
CMMC/NIST 800-171 (Control Family) Personnel Security (Partial) X X
CMMC/NIST 800-171 (Control Family) Risk Assessment X X
CMMC/NIST 800-171 (Control Family) Security Assessment (Partial) X X
CMMC/NIST 800-171 (Control Family) System and Communication X X
CMMC/NIST 800-171 (Control Family) System and Information Integrity X X
CMMC/NIST 800-171 (Cybersecurity Framework Support) Identity Assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data and capabilities. X X
CMMC/NIST 800-171 (Cybersecurity Framework Support) Protect Outlines appropriate safeguards to ensure delivery of critical infrastructure services. X X
CMMC/NIST 800-171 (Cybersecurity Framework Support) Detect Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) X X
CMMC/NIST 800-171 (Cybersecurity Framework Support) Respond Includes appropriate activities to take action regarding a detected cybersecurity incident. X X
CMMC/NIST 800-171 (Cybersecurity Framework Support) Recover Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) X X
CSfC DAR Capability Package 5.0 Provides an inner layer of encryption. Requires Seagate Barracuda 515 or DIGISTOR C Series Advanced SSD 2H/CY23 2H/CY23
Executive Order – May 12, 2021 14028 Agencies shall adopt multi-factor authentication and encryption for data at rest and in transit X X
FAR 52.204-21, NIST 800-171, CMMC L1-5 AC.1.004 Control information posted or processed on publicly accessible information systems. X X
FAR 52.204-21, NIST 800-171, CMMC L1-5 MP.1.118 Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. X X
FFIEC (Control Family) Access and Data Management X X
FFIEC (Control Family) Anomalous Activity Detection X X
FFIEC (Control Family) Device/End-Point Security X X
FFIEC (Control Family) Event Detection X X
FFIEC (Control Family) Identification and Authentication (Partial) X X
FFIEC (Control Family) Infrastructure Management (Partial) X X
FFIEC (Control Family) Remediation (Partial) X X
FFIEC (Control Family) Threat and Vulnerability Detection X X
FFIEC (Cybersecurity Framework Support) Identity Assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data and capabilities. X X
FFIEC (Cybersecurity Framework Support) Protect Outlines appropriate safeguards to ensure delivery of critical infrastructure services. X X
FFIEC (Cybersecurity Framework Support) Detect Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) X X
FFIEC (Cybersecurity Framework Support) Respond Includes appropriate activities to take action regarding a detected cybersecurity incident. X X
FFIEC (Cybersecurity Framework Support) Recover Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) X X
FIPS 140-2 Level 1 FIPS Inside: FIPS Validated OpenSSL 3.0 module Q1/CY23
FIPS 140-2 Level 2 Certificate #4186 X
GDPR (Control Family) Identity and Access Management X X
GDPR (Control Family) Data Loss Prevention (DLP) X X
GDPR (Control Family) Encryption & Pseudonymization X X
GDPR (Control Family) Policy Management (Partial) X X
GDPR (Cybersecurity Framework Support) Identity Assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data and capabilities. X X
GDPR (Cybersecurity Framework Support) Protect Outlines appropriate safeguards to ensure delivery of critical infrastructure services. X X
GDPR (Cybersecurity Framework Support) Detect Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) X X
GDPR (Cybersecurity Framework Support) Respond Includes appropriate activities to take action regarding a detected cybersecurity incident. X X
GDPR (Cybersecurity Framework Support) Recover Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) X X
HIPAA (Control Family) Access Control X X
HIPAA (Control Family) Authentication X X
HIPAA (Control Family) Encryption and Decryption X X
HIPAA (Control Family) Reporting Security Incidents (Partial) X X
HIPAA (Control Family) Policy Management (Partial) X X
HIPAA (Control Family) Identity Assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data and capabilities. X X
HIPAA (Cybersecurity Framework Support) Protect Outlines appropriate safeguards to ensure delivery of critical infrastructure services. X X
HIPAA (Cybersecurity Framework Support) Detect Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) X X
HIPAA (Cybersecurity Framework Support) Respond Includes appropriate activities to take action regarding a detected cybersecurity incident. X X
HIPAA (Cybersecurity Framework Support) Recover Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) X X
NIAP Common Criteria FDE-AA Full Disk Encryption Authorization Acquisition certification of Cigent PBA Software 2H/CY23 2H/CY23
NIAP Common Criteria FDE-EE VID 11297 and 11322 Full Disk Encryption Encryption Engine. Requires Seagate Barracuda 515 or DIGISTOR C Series Advanced SSD. In Evaluation
NIST 800-171, CMMC L2-5 AC.2.006 Limit use of portable storage devices on external systems. X X
NIST 800-171, CMMC L2-5 MP.2.120 Limit access to CUI on system media to authorized users. X X
NIST 800-171, CMMC L2-5 MP.2.121 Control the use of removable media on system components. X X
NIST 800-171, CMMC L2-5 SI.2.214 Monitor system security alerts and advisories and take action in response. X X
NIST 800-171, CMMC L2-5 SI.2.217 Identify unauthorized use of organizational systems. X X
NSA/CSS Storage Device Sanitization PM9-12 Requirements for device sanitization X
TAA Compliant Trade Agreements Act X X