CMMC Compliant Cloud Services for UC

Session Host/Speaker(s)

Sherlock has been providing academic, government, and industry partners with an array of compliant managed services on-premise in its Sherlock Cloud and through its multi-Cloud solution that includes public Cloud partners Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP). These services capitalize on Sherlock’s security and compliance expertise, as Sherlock has built and deployed environments that comply with the Federal Information Security Management Act (FISMA), the Health Insurance Portability and Accountability Act (HIPAA), and the Controlled Unclassified Information (CUI) NIST 800-171 requirements. While these compliant services are a proven tool for its partners, Sherlock continues to evolve and, recently, partnered with UC San Diego Information Technology Services (ITS) to build and deploy a Cybersecurity Maturity Model Certification (CMMC) Level-3 compliant environment.

The Department of Defense (DoD) developed CMMC to protect defense contractors from cybersecurity incidents. As such, CMMC identifies a comprehensive set of cybersecurity standards; this set of standards incorporates the CUI NIST 800-171 security controls, and adds additional practices and processes specific to CMMC. CMMC certification is enforced by government entities, and organizations seeking contract awards that require CMMC certification must endure a rigorous certification process that is conducted by third-party auditors.  

Sherlock and UC San Diego ITS will discuss its forthcoming CMMC solution, how it is partnering with external partners (Microsoft, Summit7 and ePlus) to build and deploy this comprehensive CMMC-certified, private cloud capability, and the benefits other UC campuses can reap from leveraging this solution in procuring government grants and contracts. Sherlock and UC San Diego ITS are developing a CMMC Level-3 compliant environment comprised of three components: (1) an Azure Government component that will be used for compute and data workloads; (2) an O365 GCC High tenant that will be used for the Office suite of applications; and (3) an on-premise enclave that will support use cases that are better suited operating within the local datacenter. These three integrated tenants together will provide services that will meet a wide range of research use cases. Additionally, the Sherlock and ITS team plan to work with UC San Diego to ensure that research labs campus-wide are compliant with CMMC Level-3. The entire pipeline – from the researchers who generate the CUI on the end-point to the computing environment that will run the analysis – will be configured to be CMMC Level-3 compliant.