GuardWare INSIGHT helps organisations comply with CMMC 2.0
Below is the summary table showcasing INSIGHT applicability to CMMC 2.0 Cyber Domains.
- Green Colour depicts most technical major technical controls are addressed.
- Orange colour depicts partial technical controls are addressed.
CMMC 2.0 Cyber Domains
GuardWare INSIGHT Applicability
High use of unencrypted USBs. 44 users detected using unencrypted USBs to transfer data.
Technical control not implemented
High transfer rate. 8 users transferred over 1000 files.
Technical control not implemented
Outside of normal business hours. High rate of transfers detected outside of normal working hours.
Technical control not implemented
Transfer of Potential Sensitive Data
• Top 8 users detected transferring 1000s of design related files.
• Several users transferred files containing potentialsensitive data
Technical control not implemented
Visibility of transfers. Visibility of sensitive data transferred using external media.
Technical control not implemented
Suspicious User Activity – User1 - Use of personal emails to send corporate data
1. User detected using his personal email to send highly sensitive ITAR marked data to unauthorized 3rd parties
2. Non-Compliance under ITAR.
Technical control not implemented
Suspicious User Activity – User2 – Data copied by user about to leave the organisation.
1. User copied 1000s of design files also printed his CV during the same time.
2. There is evidence he has visited job sites (Indeed) and applied for Defence related engineering jobs around the same time when he copied the files.
3. The files have been copied on unencrypted USBs which most likely are personal.
4. He is also seen accessing and uploading files to personal Google Drive.
5. He belongs to the Defence User Group.
Technical control not implemented
Corporate emails forwarded to own personal emails. Email detected being forwarded to user own personal email.
Technical control partially implemented
Visibility of email forwards. Visibility of what files have been forwarded by users to personal and free emails to ensure they are accounted for.
Technical control not implemented
Use of Personal emails detected. Personal emails have been used to send data.
Technical control not implemented
Visibility of Personal Email Use. Visibility is required to ensure company data is not being sent out via personal emails.
Technical control not implemented
Technical Control Circumvented. The users seem to have found a way to install non-organisational applications.
Non-Compliance of 2 of the ES8 Controls.
1. Restrict administrative privileges
2. Application control
Technical control not implemented
Visibility of Application Use. Visibility of what applications are being used by users.
Technical control not implemented
