The Security Software Company Globalscape on CMMC Compliance [exclusive]: Evaluate

Three hours later, Mara called Tom back into her office.

Tom smiled. “Told you.”

Her biggest headache wasn’t her internal network. It was the supply chain. Specifically, the legacy system that moved engineering drawings of composite armor plating to a subcontractor in Ohio. That system was Globalscape’s Enhanced File Transfer (EFT) server—a product her predecessor had installed eight years ago.

“The real cost isn’t the software,” Priya admitted. “It’s the process. CMMC requires you to prove you review those logs weekly (AU.L2-3.3.6). Globalscape can generate the report. But do you have a person signing off on it at 9 AM every Monday?”

Mara’s jaw tightened. “So, a gap.”

Mara Chen, CISO of Defense Kinetic Solutions, stared at the clock on her laptop. 11:47 PM. Her third cup of cold brew sat beside a stack of printed SSPs (System Security Plans). In six weeks, her company would face its first Joint Surveillance Voluntary Assessment (JSVA) for CMMC Level 2.

“We already mapped EFT v8.4 to NIST SP 800-171, Rev 2,” Priya said. “CMMC is just 800-171 with a maturity stick. We’ve done the assessment prep for you. Here—see page 14? For ‘limit failed logon attempts’ (AC.L2-3.1.8), our native lockout policy works out of the box. For ‘session lock’ (AC.L2-3.1.10), you’ll need to enable your Windows GPOs, but we have a configuration script.”

“But,” Priya continued, zooming into a flowchart, “CMMC cares about auditable events (AU.L2-3.3.1). Your current legacy version logs who sends a file, but not what specific system patch level they were on when they sent it, and it definitely doesn’t integrate with your SIEM in real time.”