CMMC Compliance Solutions
StratoKey’s Cloud Data Protection (CDP) Platform intercepts regulated data and stores it encrypted inside your FedRAMP environment, and instead transmits only a token to your SaaS app.
Tokenization means your CUI is never exposed to the SaaS application, only tokens are. This can reduce your CMMC scope by keeping CUI out of SaaS applications that are not FedRAMP-authorized.
The CDP Platform applies FIPS 140-3 validated encryption to CUI in transit and at rest, with real-time monitoring, configurable policy controls, and audit trails supporting CMMC Level 2 and Level 3 requirements under NIST SP 800-171 Rev 2 and 32 CFR Part 170.
StratoKey Provides Controls for CMMC Compliant SaaS Use
- Secure CUI and FCI while maintaining app functionality across NetSuite, Plex, ServiceNow, Salesforce, Jira, Confluence, Pipedrive, and other SaaS applications.
- Meet CMMC regulatory requirements and the NIST SP 800-53 and NIST SP 800-171 standards for the handling and storage of CUI and FCI.
- Store data in a FedRAMP-authorized environment with tokenization.
- Use tokenization to keep access to export-controlled data limited to U.S. citizens.
- Meet your flow-down responsibility as a prime contractor by reducing exposure of CUI and FCI to subcontractors and CSPs.
- Mitigate third-party breach risk with encryption managed at arm's length from the CSPs in use.
- Meet a wide range of CMMC requirements with audit capabilities, access management, monitoring, and defensive features.
What is CMMC Compliance?
CMMC compliance means meeting the standards of the Cybersecurity Maturity Model Certification (CMMC), a framework from the U.S. Department of Defense that protects sensitive data handled by defense contractors and subcontractors. The goal is to secure Federal Contract Information and Controlled Unclassified Information across the defense supply chain.
CMMC 2.0 Three Maturity Levels
The CMMC Program contains three levels, each incorporating security requirements from existing regulations and guidelines. The level of CMMC certification required depends on the type and sensitivity of information handled.
- Level 1: Basic security for FCI, following 17 FAR practices.
- Level 2: Advanced protection for CUI, requiring 110 NIST SP 800-171 controls.
- Level 3: Highest security, based on NIST SP 800-172.
Who Needs to Worry About CMMC Compliance?
Regardless of size, any organization that works with the U.S. Department of Defense and handles Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) must comply with the requirements of its applicable CMMC level. This includes international prime contractors, subcontractors, suppliers, and vendors throughout the global defense supply chain.
Controlled Unclassified Information (CUI)
CUI requires more safeguards than FCI alone. The U.S. National Archives maintains the official CUI Registry, which lists all categories of Controlled Unclassified Information (CUI) that are regulated.
Federal Contract Information (FCI)
FCI is information that is not intended for public release and is provided by or generated for the U.S. government under a contract to develop or deliver a product or service to the government. FCI is defined in FAR 4.1901 and FAR 52.204-21.
Your Cloud Service Provider (CSP) and CMMC Compliance
When using a CSP (CMMC defines a CSP as any external entity providing cloud-based computing services, which explicitly includes SaaS) as part of your CMMC compliance journey, there are several considerations for compliance. Of particular note are CSP FedRAMP requirements and your responsibility to ensure compliance flows down to subcontractors and CSPs.
Your CSP May Need to be FedRAMP-Authorized
If your CSP will process, store, or transmit Controlled Unclassified Information (CUI) as part of a DoD contract, the CSP must be FedRAMP Moderate Authorized, or meet an equivalent security baseline. Tokenization is one method that keeps CUI out of the CSP system.
Responsibility for Compliance “Flows Down”
You are responsible for ensuring that all vendors, including CSPs, meet the necessary security requirements. This is known as “flow-down” and applies to all subcontractors and service providers in your supply chain. The less regulated data a subcontractor or CSP is exposed to, the smaller your compliance scope.
Store CUI in Your FedRAMP-Authorized Environment With Tokenization
With StratoKey’s tokenization technology, CUI is completely removed before it reaches your CSP. Instead, only non-sensitive tokens are sent to and stored by the CSP, while the actual regulated data is securely stored in your local environment of choice, such as a FedRAMP-authorized environment (e.g., AWS GovCloud, Azure Government). This approach ensures CUI is not exposed to a non-FedRAMP environment.
- Maintains data integrity and operations, allowing your applications to function, while still keeping sensitive data protected.
- Eliminates exposure of CUI and FCI to CSPs, reducing the scope of regulatory compliance.
- Supports data residency and sovereignty by storing sensitive data in specific, controlled environments (such as a FedRAMP-authorized environment).
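The flow described above, as an added illustration (hypothetical code, not StratoKey's implementation): a vault inside the boundary encrypts each CUI value with AES-GCM and hands back a random token, so the record that leaves for the SaaS carries only the token, and only the vault can map it back. The key, the sample value and the token format are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Vault is a hypothetical token store inside the FedRAMP boundary (not StratoKey's code).
type Vault struct {
	aead  cipher.AEAD
	store map[string][]byte // token -> nonce||AES-GCM ciphertext of the CUI value
}

func NewVault(key []byte) *Vault {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		panic(err) // only a wrong key length fails here
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return &Vault{aead: aead, store: map[string][]byte{}}
}
// Tokenize stores the encrypted value and returns a token drawn at random, independent of the value.
func (v *Vault) Tokenize(value string) string {
	buf := make([]byte, 16+v.aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		panic(err)
	}
	token, nonce := "tok_"+hex.EncodeToString(buf[:16]), buf[16:]
	// The token is bound as associated data, so a vault entry copied under another token fails to open.
	v.store[token] = v.aead.Seal(append([]byte{}, nonce...), nonce, []byte(value), []byte(token))
	return token
}
// Detokenize runs only inside the boundary; unknown or tampered tokens are rejected.
func (v *Vault) Detokenize(token string) (string, error) {
	blob, ok := v.store[token]
	if !ok {
		return "", fmt.Errorf("unknown token %q", token)
	}
	pt, err := v.aead.Open(nil, blob[:v.aead.NonceSize()], blob[v.aead.NonceSize():], []byte(token))
	return string(pt), err
}
func main() {
	v := NewVault(make([]byte, 32))  // constructed all-zero demo key; a real vault uses a managed key
	tok := v.Tokenize("123-45-6789") // constructed sample CUI value; the SaaS only ever sees tok
	fmt.Println(tok)
	fmt.Println(v.Detokenize(tok))
}
```

Because the token is random rather than derived from the value, two records holding the same CUI value get unrelated tokens, and nothing stored at the CSP can be brute-forced back to the original.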
StratoKey is Your Complete Cloud Data Protection Stack to Help Meet CMMC Compliance Requirements
The StratoKey CDP platform goes beyond encryption and tokenization to provide features that help organizations meet a wider range of compliance requirements, not merely a small subset.
Tokenization
Secure CUI and FCI with tokenization. CUI remains securely encrypted (FIPS 140-3 validated) and stored in a vault within your FedRAMP-authorized boundary.
Access Control
Enforces user identification, group policies, and advanced authentication to keep access to CUI and FCI within your control.
Audit Controls
Logs every user interaction with secured CUI and FCI, supporting audit and reporting requirements and enabling rapid incident response.
Monitoring & Policy Enforcement
Delivers analytics and immediate policy enforcement to detect and prevent unauthorized access to, or misuse of, CUI and FCI.
Meet CMMC Compliance Requirements Across Your Cloud Applications
StratoKey is application-agnostic and can be configured to your organization's specific CMMC compliance requirements. StratoKey offers deep support for several integrations, including Plex, NetSuite, SuiteProjects Pro, Salesforce, Pipedrive, Jira, Confluence, Slack and ServiceNow.
Ready to Secure CUI and FCI to Meet CMMC Compliance Requirements?
Our team is experienced in helping organizations secure the FCI and CUI handled by defense contractors and subcontractors. The StratoKey CDP platform is built with NIST standards at its core; ask us how it can help. If you are not sure whether we support CMMC compliance for your specific SaaS application, get in touch: the CDP platform is application-agnostic.