Contact Us
Get a Demo

COMPLIANCE REGULATION

Compliance Regulations Reference # Requirement Data Defense Secure SSD
CAVP

Cert A4388

Cryptographic Algorithm Validation Program for Cigent Data Defense Pre Boot Authentication (PBA) Software X X
CMMC L3 AC.3.022 Encrypt CUI on mobile devices and mobile computing platforms. X X
CMMC L3 MA.3.115 Ensure equipment removed for off-site maintenance is sanitized of any CUI.   X
CMMC L3 MP.3.123 Prohibit the use of portable storage devices when such devices have no identifiable owner. X X
CMMC L3 MP.3.124 Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. X X
CMMC L3 MP.3.125 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. X X
CMMC L3 PE.3.136 Enforce safeguarding measures for CUI at alternate work sites. X X
CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. X X
CMMC L3 SC.3.182 Prevent unauthorized and unintended information transfer via shared system resources. X X
CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. X X
CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. X X
CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. X X
CMMC/NIST 800-171 (Control Family)   Access Control (Partial) X X
CMMC/NIST 800-171 (Control Family)   Audit and Accountability (Partial) X X
CMMC/NIST 800-171 (Control Family)   Configuration Management (Partial) X X
CMMC/NIST 800-171 (Control Family)   Identification and Authentication X X
CMMC/NIST 800-171 (Control Family)   Incident Response (Partial) X X
CMMC/NIST 800-171 (Control Family)   Media Protection X X
CMMC/NIST 800-171 (Control Family)   Personnel Security (Partial) X X
CMMC/NIST 800-171 (Control Family)   Risk Assessment X X
CMMC/NIST 800-171 (Control Family)   Security Assessment (Partial) X X
CMMC/NIST 800-171 (Control Family)   System and Communication X X
CMMC/NIST 800-171 (Control Family)   System and Information Integrity X X
CMMC/NIST 800-171 (Cybersecurity Framework Support) Identity Assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data and capabilities. X X
CMMC/NIST 800-171 (Cybersecurity Framework Support) Protect Outlines appropriate safeguards to ensure delivery of critical infrastracture services X X
CMMC/NIST 800-171 (Cybersecurity Framework Support) Detect Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) X X
CMMC/NIST 800-171 (Cybersecurity Framework Support) Respond Includes appropriate activities to take action regarding a detected cybersecurity incident. X X
CMMC/NIST 800-171 (Cybersecurity Framework Support) Recover Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) X X
CSfC DAR Capability Package 5.0   Cigent PBA Software is certified for Authorization Acquisition (CPP FDE-AA)

X

 

CSfC DAR Capability Package 5.0   Seagate Barracuda 515 and DIGISTOR Citadel C Series Advanced SSD (DIGISTOR TCG OPAL SSC FIPS SSD Series) are certified for Collaborative Protection Profile Full Drive Encryption -- Encryption Engine (CPP FDE-EE)

 

X

Executive Order – May 12, 2021 14028 Agencies shall adopt multi-factor authentication and encryption for data at rest and in transit X X
FAR 52.204-21, NIST 800-171, CMMC L1-5 AC.1.004 Control information posted or processed on publicly accessible information systems. X X
FAR
52.204-21, NIST 800-171, CMMC L1-5
MP.1.118 Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. X X
FFIEC (Control Family)   Access and Data Management X X
FFIEC (Control Family)   Anomalous Activity Detection X X
FFIEC (Control Family)   Device/End-Point Security X X
FFIEC (Control Family)   Event Detection X X
FFIEC (Control Family)   Identification and Authentication (Partial) X X
FFIEC (Control Family)   Infrastructure Management (Partial) X X
FFIEC (Control Family)   Remediation (Partial) X X
FFIEC (Control Family)   Threat and Vulnerability Detection X X
FFIEC (Cybersecurity Framework Support) Identity Assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data and capabilities. X X
FFIEC (Cybersecurity Framework Support) Protect Outlines appropriate safeguards to ensure delivery of critical infrastracture services X X
FFIEC (Cybersecurity Framework Support) Detect Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) X X
FFIEC (Cybersecurity Framework Support) Respond Includes appropriate activities to take action regarding a detected cybersecurity incident. X X
FFIEC (Cybersecurity Framework Support) Recover Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) X X
FIPS 140-2 Level 1   FIPS 140-2 Inside 4282: FIPS Validated Open SSL 3.0 module

X

 
FIPS 140-2 Level 2   Certificate #4186   X
GDPR (Control Family)   Identity and Access Management X X
GDPR (Control Family)   Data Loss Prevention (DLP) X X
GDPR (Control Family)   Encryption & Pseudonymization X X
GDPR (Control Family)   Policy Management (Partial) X X
GDPR
(Cybersecurity Framework Support)
Identity Assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data and capabilities. X X
GDPR (Cybersecurity Framework Support) Protect Outlines appropriate safeguards to ensure delivery of critical infrastracture services X X
GDPR (Cybersecurity Framework Support) Detect Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) X X
GDPR (Cybersecurity Framework Support) Respond Includes appropriate activities to take action regarding a detected cybersecurity incident. X X
GDPR (Cybersecurity Framework Support) Recover Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) X X
HIPAA (Control Family)   Access Control X X
HIPAA (Control Family)   Authentication X X
HIPAA (Control Family)   Encryption and Decryption X X
HIPAA (Control Family)   Reporting Security Incidents (Partial) X X
HIPAA (Control Family)   Policy Management (Partial) X X
HIPAA (Control Family) Identity Assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data and capabilities. X X
HIPAA (Cybersecurity Framework Support) Protect Outlines appropriate safeguards to ensure delivery of critical infrastracture services X X
HIPAA (Cybersecurity Framework Support) Detect Defines the appropriate activites to identify the occurrence of a cybersecurity event. (Partial) X X
HIPAA (Cybersecurity Framework Support) Respond Includes appropriate activities to take action regarding a detected cybersecurity incident. X X
HIPAA (Cybersecurity Framework Support) Recover Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) X X
NIAP Common Criteria FDE-AA Cert 11378 Full Disk Encryption Authorization Acquisition certification of Cigent PBA Software X  
NIAP Common Criteria FDE-EE Cert 11297 and 11322 Full Disk Encryption Encryption Engine. Requires Seagate Barracuda 515 or DIGISTOR C Series Advanced SSD.   X
NIST 800-171, CMMC L2-5 AC.2.006 Limit use of portable storage devices on external systems. X X
NIST 800-171, CMMC L2-5 MP.2.120 Limit access to CUI on system media to authorized users. X X
NIST 800-171, CMMC L2-5 MP.2.121 Control the use of removable media on system components. X X
NIST 800-171, CMMC L2-5 SI.2.214 Monitor system security alerts and advisories and take action in response. X X
NIST 800-171, CMMC L2-5 SI.2.217 Identify unauthorized use of organizational systems. X X
NSA/CSS Storage Device Sanitization PM9-12 Requirements for device sanitization   X
TAA Compliant   Trade Agreements Act X X