CMMC Level 3 and GateKeeper Proximity.
Cybersecurity Maturity Model Certification (CMMC) is built on the Defense Federal Acquisition Regulations Supplement (DFARS) 252.204-7012 framework. CMMC Level 3 requires meeting the NIST SP 800-171 CUI compliance controls in addition to others, including a verification component with respect to cybersecurity requirements. Reference: CMMC Assessment Guide - Level 3.
“This is perfect for fulfilling the DoD requirements”
“This is perfect for fulfilling the DoD CMMC and SPRS requirements for 2FA, audit logs, ... This product has worked flawlessly since it was installed and fully set up. The GateKeeper team was extremely helpful during the setup process (they will walk you through all of the required steps to get the system operational which helped tremendously).”
W. Faller
Owner
Automating CMMC compliance is the best way to enforce it. Automatically enforce strong 2FA without interrupting users’ workflows. The token automatically locks workstations when users leave – automatically securing computers from unauthorized access. Continuous authentication means significantly more secure sessions compared to “one-time” 2FA.
| Control Family | Control ID | Description | CMMC Level | GateKeeper Proximity Enterprise |
| --- | --- | --- | --- | --- |
| ACCESS CONTROL (AC) | AC.1.001 | Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). | 1 | GateKeeper Enterprise provides proximity-based authentication and authorization to workstations. Using GateKeeper Enterprise, organizations can granularly assign access permissions to individuals/groups on a per-workstation basis. GateKeeper automatically locks a user’s computer when they are no longer in proximity to their workstation, immediately preventing unauthorized users from accessing a system. |
| ACCESS CONTROL (AC) | AC.1.002 | Limit information system access to the types of transactions and functions that authorized users are permitted to execute. | 1 | GateKeeper Enterprise provides proximity-based authentication and authorization to workstations. Using GateKeeper Enterprise, organizations can granularly assign access permissions to individuals/groups on a per-workstation basis. GateKeeper automatically locks a user’s computer when they are no longer in proximity to their workstation, immediately preventing unauthorized users from accessing a system. |
| ACCESS CONTROL (AC) | AC.1.003 | Verify and control/limit connections to and use of external information systems. | 1 | GateKeeper Enterprise provides proximity-based authentication and authorization to workstations. Using GateKeeper Enterprise, organizations can granularly assign access permissions to individuals/groups on a per-workstation basis. GateKeeper automatically locks a user’s computer when they are no longer in proximity to their workstation, immediately preventing unauthorized users from accessing a system. |
| ACCESS CONTROL (AC) | AC.2.007 | Employ the principle of least privilege, including for specific security functions and privileged accounts. | 2 | GateKeeper Enterprise provides proximity-based authentication and authorization to workstations. Using GateKeeper, organizations can granularly assign access permissions to individuals/groups on a per-workstation basis. This helps enforce the concept of least privilege on a system level. |
| ACCESS CONTROL (AC) | AC.2.009 | Limit unsuccessful logon attempts. | 2 | GateKeeper has the ability to lock a user's account after an administrator-defined number of unsuccessful login attempts. |
| ACCESS CONTROL (AC) | AC.2.010 | Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity. | 2 | GateKeeper automatically locks a user's workstation when they are no longer in proximity to their workstation - preventing access/viewing of data. |
| ACCESS CONTROL (AC) | AC.2.013 | Monitor and control remote access sessions. | 2 | GateKeeper Enterprise provides proximity-based authentication and authorization to workstations. Using GateKeeper Enterprise, organizations can granularly assign access permissions to individuals/groups on a per-workstation basis. GateKeeper automatically locks a user’s computer when they are no longer in proximity to their workstation, immediately preventing unauthorized users from accessing a system. |
| ACCESS CONTROL (AC) | AC.3.017 | Separate the duties of individuals to reduce the risk of malevolent activity without collusion. | 3 | GateKeeper Enterprise provides proximity-based authentication and authorization to workstations. Using GateKeeper Enterprise, organizations can granularly assign access permissions to individuals/groups on a per-workstation basis. GateKeeper automatically locks a user’s computer when they are no longer in proximity to their workstation, immediately preventing unauthorized users from accessing a system. |
| ACCESS CONTROL (AC) | AC.3.018 | Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. | 3 | GateKeeper Enterprise provides proximity-based authentication and authorization to workstations. Using GateKeeper Enterprise, organizations can granularly assign access permissions to individuals/groups on a per-workstation basis. This helps enforce the concept of least privilege on a system level. |
| ACCESS CONTROL (AC) | AC.3.019 | Terminate (automatically) user sessions after a defined condition. | 3 | GateKeeper automatically locks a user's workstation when they are no longer in proximity to their workstation - preventing access/viewing of data. |
| AUDIT AND ACCOUNTABILITY (AA) | AU.2.041 | Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. | 2 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it, even on shared accounts. |
| AUDIT AND ACCOUNTABILITY (AA) | AU.2.042 | Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. | 2 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it, even on shared accounts. These audit logs are retained indefinitely and can be on-premise. |
| AUDIT AND ACCOUNTABILITY (AA) | AU.2.044 | Review audit logs. | 2 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it. These audit logs are retained indefinitely. |
| AUDIT AND ACCOUNTABILITY (AA) | AU.3.045 | Review and update logged events. | 3 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it. These audit logs are retained indefinitely. |
| AUDIT AND ACCOUNTABILITY (AA) | AU.3.049 | Protect audit information and audit logging tools from unauthorized access, modification, and deletion. | 3 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it. GateKeeper can connect to a syslog server and integrate with an enterprise security architecture. Authorized admins have the ability to export audit logs to further enable audit review, analysis, and reporting processes. |
| AUDIT AND ACCOUNTABILITY (AA) | AU.3.050 | Limit management of audit logging functionality to a subset of privileged users. | 3 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it. GateKeeper can connect to a syslog server and integrate with an enterprise security architecture. Authorized admins have the ability to export audit logs to further enable audit review, analysis, and reporting processes. |
| AUDIT AND ACCOUNTABILITY (AA) | AU.3.051 | Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. | 3 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it. GateKeeper can connect to a syslog server and integrate with an enterprise security architecture. Authorized admins have the ability to export audit logs to further enable audit review, analysis, and reporting processes. |
| AUDIT AND ACCOUNTABILITY (AA) | AU.3.052 | Provide audit record reduction and report generation to support on-demand analysis and reporting. | 3 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully |
| AUDIT AND ACCOUNTABILITY (AA) | AU.4.053 | Automate analysis of audit logs to identify and act on critical indicators (TTPs) and/or organizationally defined suspicious activity. | 4 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it. These audit logs are retained indefinitely and can be sent automatically to administrators. |
| AUDIT AND ACCOUNTABILITY (AA) | AU.4.054 | Review audit information for broad activity in addition to per-machine activity. | 4 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it. These audit logs are retained indefinitely and can be sent automatically to administrators. |
| AUDIT AND ACCOUNTABILITY (AA) | AU.5.055 | Identify assets not reporting audit logs and assure appropriate organizationally defined systems are logging. | 5 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it. These audit logs are retained indefinitely and can be sent automatically to administrators. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.1.076 | Identify information system users, processes acting on behalf of users, or devices. | 1 | GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it, even on shared computers. GateKeeper can connect to a syslog server and integrate with an enterprise security architecture. Authorized admins have the ability to export audit logs to further enable audit review, analysis, and reporting processes. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.1.077 | Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. | 1 | GateKeeper Enterprise provides proximity-based identification, authentication, and authorization to workstations. Using GateKeeper Enterprise, an organization can granularly assign access permissions to individuals/groups on a per-workstation basis. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.2.078 | Enforce a minimum password complexity and change of characters when new passwords are created. | 2 | GateKeeper can integrate with an organization's Active Directory to enforce this control. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.2.079 | Prohibit password reuse for a specified number of generations. | 2 | GateKeeper can integrate with an organization's Active Directory to enforce this control. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.2.080 | Allow temporary password use for system logons with an immediate change to a permanent password. | 2 | GateKeeper can integrate with an organization's Active Directory to enforce this control. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.2.081 | Store and transmit only cryptographically-protected passwords. | 2 | GateKeeper utilizes military-grade AES-256 encryption to securely store and transmit passwords. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.2.082 | Obscure feedback of authentication information. | 2 | GateKeeper PIN login is obscured and all authentication information is obscured. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.3.083 | Use multifactor authentication for local and network access to privileged accounts and for network access to nonprivileged accounts. | 3 | GateKeeper Enterprise has the capability to enforce multifactor authentication (MFA) for all access to a workstation. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.3.084 | Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts. | 3 | GateKeeper is a proximity-based identification and authentication solution. A user must be present with their physical token to unlock their workstation, making it inherently replay-resistant. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.3.085 | Prevent the reuse of identifiers for a defined period. | 3 | GateKeeper can integrate with an organization's Active Directory to enforce this control. |
| IDENTIFICATION AND AUTHENTICATION (IDA) | IA.3.086 | Disable identifiers after a defined period of inactivity. | 3 | GateKeeper Proximity can integrate with an organization's Active Directory to enforce this control. |
For any additional questions or concerns regarding CMMC, proximity settings, computer locking, credential management, compliance, or 2FA/MFA, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.