CMMC Compliance & File Sharing

MyWorkDrive provides the necessary safeguards to help companies meet the file sharing security requirements of the Cybersecurity Maturity Model Certification (CMMC). CMMC is a system of compliance levels that helps the United States Federal Government (specifically the Department of Defense) determine whether an organization has the security necessary to work with controlled or otherwise vulnerable data. In addition to the Federal Government, many states and local jurisdictions will be requiring CMMC compliance.

Companies that use file sharing systems will need to certify compliance with specific CMMC regulations. Generally, this is done by building and following a CMMC framework and using CMMC best practices. These include compliance standards such as FIPS, FINRA, FEDRAMP, HIPAA and the EU Data Protection Directive GDPR. MyWorkDrive enables organizations to deploy file sharing that meets CMMC compliance standards on their own Windows file server infrastructure while still providing users with an enterprise file share collaboration and remote access solution without migrating files to proprietary cloud storage sync/share services.

The requirements for CMMC compliance related to file sharing are extensive. The MyWorkDrive team collated some of the file sharing related requirements in the CMMC Compliance checklist below for easy reference.

MyWorkDrive CMMC Compliant File Sharing Features

Using MyWorkDrive, organizations can provide secure file sharing access to their employees that meets the requirements of CMMC.

  • MyWorkDrive supports the complex username/password requirements built into Active Directory as well as two-factor authentication.
  • All data transmitted is encrypted using SSL, a standard security technology for encrypting data transmission.
  • MyWorkDrive ensures data is fully encrypted using advanced AES 256 encryption with TLS 1.2 during transmission.
  • MyWorkDrive fully supports accessing files encrypted with Windows Server file encryption (Encryption at rest).

With native support for NTFS and Access Based Enumeration, no login information or access to files is ever stored or used by MyWorkDrive. All file access is granted in the context of the currently logged-on user only. As an additional security precaution, we have designed MyWorkDrive so that it is not possible to grant more privileges to shares in MyWorkDrive than are already provisioned in Windows under NTFS: we inherit existing permissions, providing for least privilege access.

MyWorkDrive has been awarded the Skyhigh CloudTrust™ rating of “enterprise-ready” for its MyWorkDrive Secure FileShare remote access software. Skyhigh identifies and classifies thousands of cloud services and provides an objective and detailed evaluation of the enterprise-readiness of each cloud service based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA).

Data Loss Prevention

MyWorkDrive helps organizations prevent file records from accidental deletion. If a user deletes any sensitive files, this information is logged. Since MyWorkDrive ties into Windows Server shadow copies, previous versions or deleted files can be restored easily. MyWorkDrive administrators can also enable our Data Loss Prevention (DLP) feature which allows users to only edit or view, but not download or delete files at the share, user or global system level.

Device Approval

Prevent devices that have not been approved by the network administrator from connecting to file shares remotely. View usage, last login and operating system details for all clients.

Data Retention and Archiving

MyWorkDrive allows customers to enable cloud access to files with existing data retention and archiving policies consistent with CMMC Compliance. Since no data is ever changed or stored by MyWorkDrive, existing backup software, archiving and data retention procedures may be maintained or customized to meet the needs of the business.

Logging and Reporting

All access, modifications, deletions and user activity are logged. Any file changes are logged with an audit trail and information about who changed the file and when (date and time) it was changed. Audit logs can be searched based on keywords or exported as needed for additional discovery and reporting, and may be integrated with standards-based syslog servers. MyWorkDrive supports alerts for file activities exceeding management thresholds.

Access Based Enumeration

MyWorkDrive integrates with the Windows Server Access Based File Enumeration feature. Users only see folders or files for which they have Active Directory permissions. This ensures that users only see files they have permissions to on the Windows file shares and overrides any folder shares made available to them in MyWorkDrive for least privilege access. This feature is enabled by default in MyWorkDrive and does not require manual or duplicate permissions management by the systems administrator.

File Access Security Controls

MyWorkDrive adds intelligence around remote access to Windows file shares. Unlike VPN, MyWorkDrive has numerous components that allow enterprises to apply least-privilege protection to critical company files against unauthorized access and data theft, including:

  • File Type Blocking/Allow Lists for mapped drive clients
  • File download, delete and modification alerts
  • Device Approval
  • Data Leak Prevention Controls
  • Extensive logging
  • Two Factor Authentication
  • SHA 256/TLS High Encryption Support
  • SAML/ADFS MFA Support
  • Zero Trust Access provides access to Web, Mapped Drive or mobile clients over a single secure port
  • Granular Session Timeouts
  • Native Windows IIS sites easily patched and locked down.
  • MyWorkDrive fully supports placement behind front end proxy security appliances in the DMZ in addition to Cloudflare to additionally protect and secure the MyWorkDrive Web File Access portal.

FIPS compliance

MyWorkDrive has been issued a FIPS 186-4 RSA algorithm validation certificate #3018 from the US Government National Institute of Standards and Technology (NIST). FIPS compliance adds to the list of MyWorkDrive’s data security compliance partners including Duo Security and SkyHigh CloudTrust™. Government agencies can deploy MyWorkDrive infrastructure on-premise as 100% private cloud to meet their security requirements or as a hybrid cloud. In private cloud mode all files, transmissions and document edits are contained within the government agency’s infrastructure, including support for a Local Office Online Server. When deployed as a hybrid cloud, Office documents can be viewed and edited securely in Microsoft’s FEDRAMP compliant Office 365 online editors, with a direct secure tunnel between the agency and Microsoft.

 
