2 posts tagged with "CMMC"

Carving Out a CUI Enclave on Your Existing Filesystem

· 13 min read
Thomas Samant
Senior Partner

Organizations operating research clusters, HPC environments, and open compute infrastructure already maintain filesystems measured in petabytes. When CMMC Level 2 compliance enters the picture, organizations often assume CUI requires physically dedicated storage: a separate appliance, separate drives, a hard boundary between the regulated enclave and everything else. That assumption is expensive and, under tiCrypt's architecture, unnecessary.

tiCrypt's client-side encryption reduces the storage layer to a ciphertext-only medium. The filesystem never holds keys or plaintext. Because the storage layer cannot read what it stores, CUI can share physical media with non-CUI workloads without compromising confidentiality. You can carve out a partition, directory, or namespace on your existing shared filesystem, point tiCrypt at it, and maintain full CMMC L2 compliance without purchasing dedicated hardware. This article explains how to do it, what the storage layer actually holds, and which CMMC controls make this acceptable.

For the theoretical foundation behind cryptographic isolation on shared media, see Cryptographic Isolation for CUI on Shared Storage. For details on how tiCrypt interacts with the underlying filesystem, see Interplay between the filesystem and tiCrypt.

Satisfying CMMC Level 2 Audit and Accountability Controls with tiCrypt

· 23 min read
Thomas Samant
Senior Partner

If you are preparing for a CMMC Level 2 assessment, the Audit and Accountability (AU) control family is one of the first areas an assessor will examine. The nine AU practices in NIST SP 800-171r2 (practices 3.3.1 through 3.3.9) require your organization to demonstrate that every action involving Controlled Unclassified Information (CUI) is logged, attributable to a specific user, protected from tampering, and available for review. tiCrypt's audit system addresses these requirements.

This article is written for compliance officers and audit program managers building a System Security Plan (SSP) and preparing evidence packages for CMMC Level 2 assessment. It covers what tiCrypt's audit system captures and flags, how the architecture works and connects to your SIEM, where the platform's responsibility ends and your organizational controls must begin, and how each AU practice maps to specific capabilities and evidence. For a deeper look at the audit schema and forensic investigation capabilities, see Usage Reporting and Forensics in tiCrypt Audit.