COMPLIANCE REGULATION
Compliance Regulations | Reference # | Requirement | Data Defense | Secure SSD |
---|---|---|---|---|
CAVP | Cryptographic Algorithm Validation Program for Cigent Data Defense Pre Boot Authentication (PBA) Software | X | X | |
CMMC L3 | AC.3.022 | Encrypt CUI on mobile devices and mobile computing platforms. | X | X |
CMMC L3 | MA.3.115 | Ensure equipment removed for off-site maintenance is sanitized of any CUI. | X | |
CMMC L3 | MP.3.123 | Prohibit the use of portable storage devices when such devices have no identifiable owner. | X | X |
CMMC L3 | MP.3.124 | Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. | X | X |
CMMC L3 | MP.3.125 | Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. | X | X |
CMMC L3 | PE.3.136 | Enforce safeguarding measures for CUI at alternate work sites. | X | X |
CMMC L3 | SC.3.177 | Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. | X | X |
CMMC L3 | SC.3.182 | Prevent unauthorized and unintended information transfer via shared system resources. | X | X |
CMMC L3 | SC.3.185 | Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. | X | X |
CMMC L3 | SC.3.187 | Establish and manage cryptographic keys for cryptography employed in organizational systems. | X | X |
CMMC L3 | SC.3.191 | Protect the confidentiality of CUI at rest. | X | X |
CMMC/NIST 800-171 (Control Family) | Access Control (Partial) | X | X | |
CMMC/NIST 800-171 (Control Family) | Audit and Accountability (Partial) | X | X | |
CMMC/NIST 800-171 (Control Family) | Configuration Management (Partial) | X | X | |
CMMC/NIST 800-171 (Control Family) | Identification and Authentication | X | X | |
CMMC/NIST 800-171 (Control Family) | Incident Response (Partial) | X | X | |
CMMC/NIST 800-171 (Control Family) | Media Protection | X | X | |
CMMC/NIST 800-171 (Control Family) | Personnel Security (Partial) | X | X | |
CMMC/NIST 800-171 (Control Family) | Risk Assessment | X | X | |
CMMC/NIST 800-171 (Control Family) | Security Assessment (Partial) | X | X | |
CMMC/NIST 800-171 (Control Family) | System and Communication | X | X | |
CMMC/NIST 800-171 (Control Family) | System and Information Integrity | X | X | |
CMMC/NIST 800-171 (Cybersecurity Framework Support) | Identity | Assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data and capabilities. | X | X |
CMMC/NIST 800-171 (Cybersecurity Framework Support) | Protect | Outlines appropriate safeguards to ensure delivery of critical infrastructure services | X | X |
CMMC/NIST 800-171 (Cybersecurity Framework Support) | Detect | Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) | X | X |
CMMC/NIST 800-171 (Cybersecurity Framework Support) | Respond | Includes appropriate activities to take action regarding a detected cybersecurity incident. | X | X |
CMMC/NIST 800-171 (Cybersecurity Framework Support) | Recover | Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) | X | X |
CSfC DAR Capability Package 5.0 | Cigent PBA Software is certified for Authorization Acquisition (CPP FDE-AA) | X | | |
CSfC DAR Capability Package 5.0 | Seagate Barracuda 515 and DIGISTOR Citadel C Series Advanced SSD (DIGISTOR TCG OPAL SSC FIPS SSD Series) are certified for Collaborative Protection Profile Full Drive Encryption -- Encryption Engine (CPP FDE-EE) | | X | |
Executive Order – May 12, 2021 | 14028 | Agencies shall adopt multi-factor authentication and encryption for data at rest and in transit | X | X |
FAR 52.204-21, NIST 800-171, CMMC L1-5 | AC.1.004 | Control information posted or processed on publicly accessible information systems. | X | X |
FAR 52.204-21, NIST 800-171, CMMC L1-5 | MP.1.118 | Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. | X | X |
FFIEC (Control Family) | Access and Data Management | X | X | |
FFIEC (Control Family) | Anomalous Activity Detection | X | X | |
FFIEC (Control Family) | Device/End-Point Security | X | X | |
FFIEC (Control Family) | Event Detection | X | X | |
FFIEC (Control Family) | Identification and Authentication (Partial) | X | X | |
FFIEC (Control Family) | Infrastructure Management (Partial) | X | X | |
FFIEC (Control Family) | Remediation (Partial) | X | X | |
FFIEC (Control Family) | Threat and Vulnerability Detection | X | X | |
FFIEC (Cybersecurity Framework Support) | Identity | Assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data and capabilities. | X | X |
FFIEC (Cybersecurity Framework Support) | Protect | Outlines appropriate safeguards to ensure delivery of critical infrastructure services | X | X |
FFIEC (Cybersecurity Framework Support) | Detect | Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) | X | X |
FFIEC (Cybersecurity Framework Support) | Respond | Includes appropriate activities to take action regarding a detected cybersecurity incident. | X | X |
FFIEC (Cybersecurity Framework Support) | Recover | Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) | X | X |
FIPS 140-2 Level 1 | FIPS 140-2 Inside 4282: FIPS Validated OpenSSL 3.0 module | X | | |
FIPS 140-2 Level 2 | Certificate #4186 | X | | |
GDPR (Control Family) | Identity and Access Management | X | X | |
GDPR (Control Family) | Data Loss Prevention (DLP) | X | X | |
GDPR (Control Family) | Encryption & Pseudonymization | X | X | |
GDPR (Control Family) | Policy Management (Partial) | X | X | |
GDPR (Cybersecurity Framework Support) | Identity | Assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data and capabilities. | X | X |
GDPR (Cybersecurity Framework Support) | Protect | Outlines appropriate safeguards to ensure delivery of critical infrastructure services | X | X |
GDPR (Cybersecurity Framework Support) | Detect | Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) | X | X |
GDPR (Cybersecurity Framework Support) | Respond | Includes appropriate activities to take action regarding a detected cybersecurity incident. | X | X |
GDPR (Cybersecurity Framework Support) | Recover | Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) | X | X |
HIPAA (Control Family) | Access Control | X | X | |
HIPAA (Control Family) | Authentication | X | X | |
HIPAA (Control Family) | Encryption and Decryption | X | X | |
HIPAA (Control Family) | Reporting Security Incidents (Partial) | X | X | |
HIPAA (Control Family) | Policy Management (Partial) | X | X | |
HIPAA (Control Family) | Identity | Assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data and capabilities. | X | X |
HIPAA (Cybersecurity Framework Support) | Protect | Outlines appropriate safeguards to ensure delivery of critical infrastructure services | X | X |
HIPAA (Cybersecurity Framework Support) | Detect | Defines the appropriate activities to identify the occurrence of a cybersecurity event. (Partial) | X | X |
HIPAA (Cybersecurity Framework Support) | Respond | Includes appropriate activities to take action regarding a detected cybersecurity incident. | X | X |
HIPAA (Cybersecurity Framework Support) | Recover | Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. (Partial) | X | X |
NIAP Common Criteria FDE-AA | Cert 11378 | Full Disk Encryption Authorization Acquisition certification of Cigent PBA Software | X | |
NIAP Common Criteria FDE-EE | Cert 11297 and 11322 | Full Disk Encryption Encryption Engine. Requires Seagate Barracuda 515 or DIGISTOR C Series Advanced SSD. | X | |
NIST 800-171, CMMC L2-5 | AC.2.006 | Limit use of portable storage devices on external systems. | X | X |
NIST 800-171, CMMC L2-5 | MP.2.120 | Limit access to CUI on system media to authorized users. | X | X |
NIST 800-171, CMMC L2-5 | MP.2.121 | Control the use of removable media on system components. | X | X |
NIST 800-171, CMMC L2-5 | SI.2.214 | Monitor system security alerts and advisories and take action in response. | X | X |
NIST 800-171, CMMC L2-5 | SI.2.217 | Identify unauthorized use of organizational systems. | X | X |
NSA/CSS Storage Device Sanitization | PM9-12 | Requirements for device sanitization | X | |
TAA Compliant | Trade Agreements Act | X | X |