Secude’s HaloCAD simplifies and speeds up your CMMC compliance by protecting CAD files that are Controlled Unclassified Information (CUI), tracking where your CUI lives and controlling access to CUI beyond your IT perimeter.
Not all CAD files need to be marked as CUI, but any document and designs included in DoD contracts are CUI by default.
While CAD files may have adequate protection inside your IT perimeter, they require a different level of protection if shared externally.
Simply applying a CUI label on a drawing or document does not offer protection - you need to implement tools to protect, track and control access to CAD files that are CUI to prove CMMC compliance.
For CMMC Level 2, you need to satisfy 110 NIST SP 800-171 assessment controls, which are broken down into 14 practices.
Secude’s HaloCAD simplifies certification in almost two-thirds of the 14 practices (9/14)
and covers one-third of the 110 assessment objectives for CMMC Level 2.0 (36/110). For example:
3.1 Access Control (AC)
3.1.3 Controls the flow of CUI in accordance with approved authorizations.
HaloCAD can block or grant access to selected CAD files based on authorization granted by Entra ID and MPIP.
3.3 Audit and Accountability (AU)
3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
With HaloCAD, MPIP audit logs are available for monitoring file access attempts and SIEM analysis can be performed on the HaloENGINE logs.
3.4 Configuration Management (CM)
3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems.
HaloCAD’s Zero Trust protection posture for all systems that employ it.
3.5 Identification and Authentication (IA)
3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems.
HaloCAD’s Zero Trust protection and sensitivity labeling ensures CAD files are only accessible by authorized users.
3.6 Incident Response (IR)
3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
HaloCAD’s authentication and authorization events are audited within the sign-in logs, and any detected risks are audited in the Identity Protection logs.
3.8 Media Protection (MP)
3.8.1 Protect (i.e. physically control and securely store) system media containing CUI, both paper and digital.
HaloCAD digitally secures all CAD files that are classified as CUI from the point of origin - independently from storage level encryption methods.
3.9 Personnel Security (PS)
3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.
Terminating or revoking system access to personnel will deny them access to CUI files protected by HaloCAD or HaloCORE.
3.13 System and Communication Protection (SCP)
3.13.16 Protect the confidentiality of CUI at rest.
HaloCAD protects CAD files that are classified as CUI both at rest and in use and with PLM transfers.
3.14 System and Information Integrity (SI)
3.14.7 Identify unauthorized use of organizational systems.
Unauthorized access attempts to CUI files protected by HaloCAD or HaloCORE can be captured and alerted on via SIEM.
If your CAD files are CUI, protecting and tracking this data is essential for CMMC 2.0 compliance.
Secude’s HaloCAD protects, tracks and controls access to CAD files that are CUI, making it easier to prove CMMC compliance.
As HaloCAD integrates directly into the CAD software, your CUI has Zero Trust protection from creation, when shared with external partners and if it falls into the wrong hands (i.e. accidental leaks or data breaches).
With HaloCAD’s label capability, you can monitor where your CUI-CAD files are at any time and easily satisfy access control requirements for CMMC 2.0 compliance.
With HaloCAD, your employees use the same tools and processes as before, ensuring your employees' workflow on CAD files classified asCUI is both secure and seamless.
HaloCAD’s MPIP sensitivity labels allow you to control who accesses CAD files that are considered CUI and revoke access at any time. You can therefore create data boundaries for specific working groups in your organization (i.e. teams working on Project A have different access to Project B).
Security compliance made easy.
HaloCAD simplifies and speeds up compliance by enabling you to easily prove the security of your CAD files to regulatory, governmental or external partners auditors. HaloCAD’s in-built protection saves your compliance team’s time, prevents non-compliance fines and helps win new business contracts.
“Secude works seamlessly across all of our CAD applications and our different
business groups so that we can just configure labels in Microsoft Purview
and make them available to all of the engineers who do sensitive CUI drawings.”
Aerospace contractor