Compliance: CMMC 2.0

Achieve CMMC 2.0 compliance with Keeper

Protect FCI and CUI with zero-knowledge security, identity-first access controls and auditable compliance aligned to CMMC Levels 1 and 2.

What is CMMC 2.0?

Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is the U.S. Department of Defense's framework for protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

It standardizes cybersecurity requirements across the Defense Industrial Base (DIB) and ties compliance directly to contract eligibility, requiring contractors and subcontractors to demonstrate enforceable, auditable security controls.

Securing CMMC 2.0 Compliance

Zero-Trust Access Control for CMMC 2.0

Keeper supports CMMC 2.0 compliance by securing access to FCI and CUI through a zero-trust, identity-first model. Role-Based Access Control (RBAC), least privilege and separation of duties support the CMMC Level 1 and 2 access control requirements, while integrations with enterprise identity providers provide centralized authentication and mandatory MFA. Session timeouts and privileged access controls help ensure that only authorized users reach sensitive systems and credentials.

End-to-End Encryption and Auditable Access

Keeper supports CMMC 2.0 audit, encryption and monitoring requirements with zero-knowledge encryption, immutable audit logs and SIEM integrations for continuous monitoring. This reduces password exposure, enables just-in-time privileged access and provides visibility into credential risk to help organizations demonstrate enforceable CMMC controls.

Keeper features for CMMC 2.0

The tables below map Keeper capabilities to individual CMMC 2.0 practices. Overall Status indicates whether Keeper acts as the primary control for a practice or as a supporting control.

Access Control (AC)

Security Control & Title | Overall Status | Comments
--- | --- | ---
AC.L1-3.1.1 Authorized Access Control (CUI) | Supporting | Keeper's Enterprise Password Manager (EPM) allows users to generate and store strong, unique passwords that support user authentication.
AC.L2-3.1.11 Session Termination | Supporting | Keeper provides platform-specific session termination controls based on a configurable period of time. EPM also provides re-authentication options for actions such as autofilling a password.
AC.L2-3.1.12 Control Remote Access | Primary | Keeper Connection Manager (KCM) is a remote access gateway that grants users access to resources according to least-privilege principles. It supports connection types such as RDP, HTTPS, SSH, VNC, Telnet, Kubernetes, MySQL, PostgreSQL and SQL Server.
AC.L2-3.1.13 Remote Access Confidentiality | Primary | KCM uses FIPS 140-3 validated encryption to protect the confidentiality of remote access sessions.
AC.L2-3.1.14 Remote Access Routing | Primary | KCM is a remote access gateway that serves as a managed access control point through which remote sessions are routed.
AC.L2-3.1.15 Privileged Remote Access | Primary | KCM can limit user access to specific connections, restrict an RDP session to a single application and constrain SSH sessions by automatically running specified commands at connection time.
Audit & Accountability (AU)

Security Control & Title | Overall Status | Comments
--- | --- | ---
AU.L2-3.3.1 System Auditing | Supporting | Keeper's Advanced Reporting and Alerts Module (ARAM) provides enterprise-level auditing and reporting of admin and user activity.
AU.L2-3.3.5 Audit Correlation | Supporting | ARAM integrates with SIEM solutions for long-term retention and correlation of audit events.
AU.L2-3.3.6 Reduction & Reporting | Supporting | ARAM provides filters for 200+ event types.
Configuration Management (CM)

Security Control & Title | Overall Status | Comments
--- | --- | ---
CM.L2-3.4.2 Security Configuration Enforcement | Supporting | EPM offers extensive group-based enforcement policies that control how Keeper can be used.
CM.L2-3.4.6 Least Functionality | Supporting | KCM can restrict a remote RDP session to a single application, control clipboard behavior, disable printing and more.
Identification and Authentication (IA)

Security Control & Title | Overall Status | Comments
--- | --- | ---
IA.L2-3.5.3 Multi-Factor Authentication | Supporting | Keeper supports multiple MFA methods including TOTP, RSA SecurID, Duo Security, FIDO2 security keys, Windows Hello and mobile device biometrics. It also requires additional approval when a new device is used to access an account.
IA.L2-3.5.4 Replay-Resistant Authentication | Primary | Keeper Secrets Manager (KSM) transmits secrets over an encrypted TLS tunnel; the secrets are decrypted only on the user's device.
IA.L2-3.5.7 Password Complexity | Primary | EPM offers customizable password complexity settings for master passwords and for passwords generated for defined domains and IP addresses. Security audit reports show statistics on password strength across the organization.
IA.L2-3.5.8 Password Reuse | Primary | EPM enables organizations to eliminate password reuse by generating a unique password for every account. Security audit reports show password reuse statistics.
IA.L2-3.5.9 Temporary Passwords | Supporting | EPM allows secure sharing of temporary credentials by transferring ownership of a password record or through a one-time share.
IA.L2-3.5.10 Cryptographically Protected Passwords | Primary | EPM stores and transmits passwords using FIPS 140-3 validated encryption.
IA.L2-3.5.11 Obscure Feedback | Supporting | EPM masks passwords and other sensitive fields. Keeper also allows the creation of custom record types with masking settings for each custom field.
System & Communications Protection (SC)

Security Control & Title | Overall Status | Comments
--- | --- | ---
SC.L2-3.13.6 Network Communication by Exception | Supporting | Network access to Keeper can be restricted by enabling IP address allow listing.
SC.L2-3.13.8 Data In Transit | Primary | EPM uses FIPS 140-3 validated zero-knowledge encryption to encrypt CUI in transit and is FedRAMP Authorized at the High impact level.
SC.L2-3.13.9 Connections Termination | Primary | KCM session timeout settings are configurable.
SC.L2-3.13.10 Key Management | Supporting | KSM stores and transmits secrets such as SSH keys, API keys, encryption keys and passwords using FIPS 140-3 validated zero-knowledge encryption. KSM can also rotate secrets automatically.
SC.L2-3.13.11 CUI Encryption | Primary | EPM uses FIPS 140-3 validated zero-knowledge encryption to encrypt CUI and is FedRAMP Authorized at the High impact level.
SC.L2-3.13.16 Data At Rest | Primary | EPM uses FIPS 140-3 validated zero-knowledge encryption to encrypt CUI stored in the system at rest and is FedRAMP Authorized at the High impact level.
System & Information Integrity (SI)

Security Control & Title | Overall Status | Comments
--- | --- | ---
SI.L2-3.14.3 Security Alerts & Advisories | Supporting | Keeper's BreachWatch continuously checks stored passwords against known breach data and alerts the user or admin when a password has appeared in a breach.
SI.L2-3.14.7 Identify Unauthorized Use | Supporting | ARAM allows the creation of alerts based on 200+ event types. EPM's Compliance Reporting module provides additional reporting to identify unauthorized sharing or use of passwords.

Be ready for CMMC 2.0 assessments

Secure your data and simplify compliance with Keeper
