Why Airlock Digital : Compliance : CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a critical framework for organizations working with the U.S. Department of Defense (DoD). It requires organizations to implement stringent cybersecurity controls to protect controlled unclassified information (CUI) and Federal Contract Information (FCI). Airlock Digital provides precision application control to address key requirements across CMMC’s practices and capabilities, supporting compliance while reducing risks to sensitive systems.

Proactive Risk Mitigation

Block unauthorized applications and malware from executing, reducing vulnerabilities.

Operational Resilience

Protect critical IT and OT systems, ensuring uninterrupted service delivery.

Endpoint Integrity

Ensure endpoints remain in a "known good state" by preventing all untrusted applications, scripts, and processes.

File Execution Visibility

Leverage visibility into endpoint execution and execution-attempts to address issues and support investigations.

Configuration Managment

The Configuration Management (CM) domain within the CMMC focuses on defining consistent, controlled and audited configuration and change management practices. Hardware, software, databases, and firmware must all be configured to operate securely, as specifically required for their use case.

Airlock Digital supports a number of sub-requirements within this domain, by enabling the enforcement of application allowlists, preventing the execution of unapproved or unnecessary programs, and maintaining a consistent application "baseline":

CM.L2-3.4.1: Establish and maintain baseline configurations.
CM.L2-3.4.6: Employ the principle of least functionality by configuring systems to provide only essential capabilities.
CM.L2-3.4.7: Restrict, disable, or prevent the use of nonessential programs.

*CMMC Configuration Management requirements utilize NIST SP 800-171 Configuration Practices as a baseline. Airlock Digital implements a deny-by-default, allow-by-exception model that directly supports NIST SP 800-171 Configuration Management practices. By only allowing trusted applications and files to run, Airlock Digital ensures systems maintain their baseline configuration and operate with only essential software.

System and Information Integrity (SI)

The system and information integrity (SI) controls in CMMC 2.0 consist of seven key security requirements, each addressing a different aspect of system security.

Flaw remediation
Malicious code protection
Security alerts and advisories
Update malicious code protection
System and file scanning
Monitor communications for attacks
Identify unauthorized use

Airlock Digital supports a number of the CMMC sub-requirements within this domain by enforcing a deny by default model that ensures only trusted and approved applications and files can execute. This prevents the execution of malicious code, including ransomware, zero-day malware, and fileless attacks:

SI.L2-3.14.1: Identify, report, and correct system flaws in a timely manner.
SI.L2-3.14.2: Provide protection from malicious code.
SI.L2-3.14.4: Monitor system security alerts and take action.
SI.L2-3.14.5: Identify unauthorized use of systems.

Audit and Accountability (AU)

The Audit and Accountability controls within CMMC require the creating and retention of system audit logs to monitor and investigate unlawful or unauthorized activity. Airlock Digital supports these requirements by providing centralized logging of all file-executions and attempts on endpoints.

AU.L2-3.3.1 – System Auditing: Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

Achieve CMMC Compliance with Airlock Digital

How Airlock Digital Supports Key CMMC Practices

Keep Exploring

Airlock Digital Product Datasheet

Talk to an Expert