PUR-S 2022: DriveLock Stays as the Endpoint Protection Champion
DriveLock has been voted one of the Champions in Endpoint Protection in the "Professional User Rating - Security Solutions (PUR-S)" survey conducted...
3 min read
DriveLock Jan 31, 2022 5:00:00 PM
U.S. companies seeking contracts from the U.S. Department of Defense (DoD) and other federal agencies are required to demonstrate strict IT security controls. The DoD imposes strict requirements on the data shared between it and contractors and their subcontractors.
TABLE OF CONTENT |
To protect this data from cyberattacks, the DoD has developed a comprehensive framework that contractors must demonstrate compliance certification. DriveLock’s cybersecurity modular platform enables manufacturing companies to meet the mandated NIST and new CMMC 2.0 requirements.
NIST 800 frameworks are the overlying requirements for controls that are aligned with and mapped to CMMC 2.0.
The data exchanged by the Department of Defense with companies is called CUI (Controlled unclassified data) and they are specified in the NIST 800 document series. They cover the following:
The NIST 800 document series describes in detail how these CUI data can be effectively protected. To meet NIST compliance, the requirements from the NIST 800-171 CUI Controls, 800-171B and NIST 800-53 documents must be met.
The DriveLock cybersecurity platform will assist your organization to meet these requirements.
Cybersecurity Maturity Model Certification (CMMC) requires that companies entrusted with national security information to adhere to advanced cybersecurity standards and security controls which help protect data and information flow through to subcontractors. DriveLock can help lock down a vast majority of the controls despite recent changes in the CMMC standards, going from 5 to 3 levels despite the increasing amounts of controls.
Many industrial PCs used as human-machine interfaces to industrial robots and equipment still have legacy versions of operating systems in use, which are vulnerable to many different security risks due to their age. These are “air gapped” meaning the devices are disconnected from the Internet, which hinders their full functionality of controlling machines requiring a secure connection to the Internet to reach their full functionality. In many situations manufacturing companies cannot fulfill NIST 800-171 or CMMC 2.0 cyber security requirements.
DriveLock can help implement controls on these legacy assets while maintaining the old operating system versions so that their full functionality can be used when they are connected to the internet and office IT. DriveLock supports most major Linux distributions and extends back to Windows XP Service Pack 3. This allows companies to become NIST 800-x compliant.
DriveLock products support in the so-called NIST 800-171 Control Families such as "Awareness and Training", "Access Control", "Media Protection" - to name a few. The DriveLock Zero Trust platform solutions Application Control, Device Control and Security Awareness fulfill these requirements, and helps you maximize your machine environment to achieve the highest RoI.
DriveLock’s Device Control and Application Control includes Encyption-2-GO which hardens your organization’s devices against known and future malware and cyberattacks.
In the case of removable media, such as USB devices, DriveLock can effectively whitelist each USB device to a user and an endpoint device such as a computer or manufacturing device. This can greatly reduce the chances of an insider threat and other forms of internally proliferated attacks. DriveLock can help establish formal processes and controls for handling USB and other removable media exceptions to protect CUI.
In the case of USB devices, the below list demonstrates how controls some of these can be met, yet this list is not exhaustive:
For more information, contact our partner in the USA CSD Cyber: www.CSDCyber.com | info@csdcyber.com | (719) 220-6464
Download our free whitepaper "Cyber Security in Operational Technology / IIoT".
For more information on DriveLock's support of CMMC and NIST certification, please see our flyer.
DriveLock has been voted one of the Champions in Endpoint Protection in the "Professional User Rating - Security Solutions (PUR-S)" survey conducted...
The second major release of this year is notably not only for extensive improvements but also for the unification of management and configuration...
The Cybersecurity Maturity Model Certification (CMMC) 2.0 is more than just a compliance requirement for defense contractors—it's a strategic...