Questions? 

CMMC IS HERE. ARE YOU PREPARED?

ProShop can help you meet CMMC security standards.

CMMC

The ProShop platform supports the new and robust security postures required under the Cybersecurity Maturity Model Certification 2.0. Companies working with Department of Defense (DoD) agencies must comply with these standards.

What Does the CMMC Include?

The CMMC draws on the requirements under NIST800-171 and NIST800-172, outlining the handling and protection of government-controlled information on non-government-controlled networks, platforms and systems. Standards span 17 domains, including technical and physical controls, security training and more.

Guidelines also apply to international government contractors, making ProShop a leading choice for CMMC software in Canada and beyond.

Why Is CMMC Important?

Today's DoD budget exceeds $700 billion, and 23% of that funding goes to small businesses. These organizations are often the ones most vulnerable to cyberattacks, making cybersecurity in manufacturing essential. To continue doing business with the DoD, companies must prove they've taken sufficient measures toward data security. Organizations do this through the CMMC. 

How Does ProShop Support My CMMC Efforts?

We developed the ProShop CMMC software system to support CMMC enterprise resource planning (ERP) integration. Various security features help you reach the CMMC standards, including:

Password controls: ProShop automatically limits the most common 100,000 passwords from use. You can strengthen your posture further by setting requirements and custom configuration parameters.

Multifactor authentication: We use Federal Information Processing Standards (FIPS)-compliant multifactor authentication (MFA) for user authentication. You can manage the Yubikeys within the platform.

Audit traceability: Each user has a unique ID. As a result, we can track action and monitor anomalies with audit trails available to privileged users.

Lock-out functions: ProShop allows you to set a number of unsuccessful log-in attempts to automatically deny access. You can also set inactivity limits within the program to terminate open sessions.

Privacy and security notice delivery: Users must agree to privacy and security notices upon sign-in, including consent to monitoring activity. You can customize our template to meet your unique legal requirements and language.

Tailored access for specific functions: ProShop allows using non-privileged accounts to execute basic functions. The platform also supports the least-privilege principle to limit access to more sensitive data.

Get a Stronger Security Posture With ProShop

ProShop combines the best of an ERP with CMMC compliance tools to help you achieve and maintain certification. We've drawn on almost 20 years of experience in a computer numerical control (CNC) machine shop to develop a robust suite of tools for managing front office and shop floors cohesively. Our CMMC security ERP supports your other efforts, like physical access controls and employee awareness training. Request your complimentary demo today to see our robust software in use.

FAQ

Can people access ProShop from home? How do I keep that safe?

Yes, as a web platform employees can login from home. Employees must be provided with a secure connection to the company network. However, facilitating remote work requires implementing a range of security controls. NIST’s “Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions” provides a good overview of how to facilitate remote work securely as a company.

What are your dual or second factor authentication options?

ProShop supports Yubikeys, and FIPS compliant Yubikeys, as a second factor authentication. Yubikeys are centrally managed within ProShop.

Are you offering cybersecurity consultations?

At this time, ProShop is not offering cybersecurity consultations inhouse, but we have Partner Cybersecurity organizations who we recommend. Contact [email protected] for a referral.

How long until ProShop logs me out of a session?

Session Management is configurable, and can be distinctly set for each user. Session Management is done through the Security Configurations Module.

Where do I find password settings in ProShop?

Password configurations may be set in the Security Configurations Module. Passwords configuration options include length, complexity, and required characters. ProShop disallows any of the 100,000 most commonly used passwords, and you may also disallow the use of any words or phrases of your choosing.

Does ProShop have configurable file permissions?

Yes, File Permissions may be set per role or user.

Does ProShop track user activity?

Yes, you can track user activity through the Edit Log.

What level will my company have to get certified to?

CMMC 2.0 no longer requires every company with DiB contracts to be Certified. Every company with a DiB contract is still required to implement NIST800-171, and must submit their SPRS score. Depending on the type of work performed, you may be asked to undergo a complete CMMC Audit. What was formally “Level 3” in CMMC 1.0 is now contained up to “Level 2” in CMMC 2.0.

Our IT department is currently working on NIST SP 800-171 compliance. Can that be used as a basis for CMMC, or does there have to be completely separate documentation?

Documentation used as part of a NIST800-171 implementation may also be used to show work towards a CMMC certification.

Does CMMC require an Onsite Assessment by a C3POA?

Whether the CMMC Audit requires an Onsite Assessment will be dependent on the Level of certification they are asked to get. Most companies, however, could benefit from a third-party audit of their company’s Cybersecurity architecture, even if not strictly required.

Is there a Physical Security component of CMMC?

Absolutely, physical security is a critical component of cybersecurity. Access to sensitive equipment should be restricted and physical access procedures for your organizational site should be defined and communicated to your staff.

Is ProShop ERP planning on getting CMMC certified?

ProShopERP is implementing NIST800-171, but is not required to obtain a CMMC certification.

Download the full pdf for how ProShop can help with CMMC compliance

Download Now

Book your no commitment Discovery Call

BOOK A CALL
Privacy Policy
Terms of Service
magnifiercrosschevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram