Compliance

Challenge

Meeting your compliance initiatives can be difficult for businesses of any size. Regulation is often changing which means your organization must keep up with legislation and industry specific protocols.

Intellectual property, trade secrets and other private information often must be shared with other people, both internally and externally. 

This means securing your organization’s digital perimeter no longer protects your company’s sensitive information. 

Protecting data after it leaves your purview is almost impossible with traditional communication tools.

Solution

LockDown solves this challenge with end-to-end encryption, granular user permission controls, immutable audit logs and strict access controls. 

  • End-to-end encryption protects your data across devices and networks.
  • Granular user permission controls what others may do with your data, including whether they may print or export.
  • An immutable audit log lets you keep tabs on who has accessed your data, as well as what they have done.
  • LockDown’s proprietary authentication system ensures that only authorized users can access your data 

Granular controls and file permissions ensure that only those you permit may access your information, and you decide what they’re permitted to do with it. 

LockDown’s technology works automatically in the background to ensure compliance, thereby minimizing the opportunity for human error, so your team can work faster and safer.

LockDown helps with a variety of compliance types, including NIST 800-171. 

LOCKDOWN’S COMPLIANCE WITH NIST 800-171

LockDown’s secure communication platform supports compliance with virtually all the CMMC and NIST 800-171 mandates for protecting FCI and CUI related to:

  • Access Control
  • Audit and Accountability
  • Identification and Authentication
  • Media Protection
  • Recovery
  • Risk Management
  • Systems and Communications Protection

Built upon some of the world’s most advanced encryption and key handling technology, LockDown ensures compliance, visibility and data control while preventing spoliation and leakage.

With LockDown, policy is automatically enforced through technology – thereby eliminating the challenges of password management, manual data retention and other problems subject to user error and/or insider threat.

LockDown adheres to each of the fundamental cybersecurity principles outlined above, beginning with the gold standard of end-to-end encryption to protect messages and files – even in the event of a network or server breach in which administrators are compromised.

LockDown adheres to the fundamental cybersecurity principles of:

  • Controlled access
  • Distributed encryption keys
  • Encrypted activity logs
  • End-to-end encryption
  • Key-based authentication (password free)
  • Secure cloud-based service

With LockDown, all messages and files are encrypted on-device, preventing risk even in the event of a network or server breach.

Messaging

LockDown messaging lets you send and receive encrypted messages through the LockDown app – a secure, containerized communication environment. Messages are independently encrypted on-device, stored privately and securely in the cloud and shared with end-to-end encryption. Messages are never stored on any device – so there is no breach if a device is lost or stolen.

File Sharing

With LockDown, files are independently encrypted on-device, stored privately and securely in the cloud and shared with end-to-end encryption. When a file is uploaded to LockDown, an encrypted copy is created and assigned permissions, including whether that file may be exported/downloaded, printed, copied/pasted, and watermarked (including the recipient’s name and phone number and/or a custom message such as “Confidential CUI”). Files are never stored on any device – so there is no breach if a device is lost or stolen. There is also no need to sanitize a device when it goes out of service.

Unlike other cloud-based file storage platforms, which always have access to your data, only you and the people with whom you’ve explicitly shared files can decrypt and read them.

Elimination of Passwords

Instead of relying on passwords, LockDown authenticates users via Multi-factor Authentication (MFA) that includes a large, strong cryptographic key that is automatically created and stored on each users’ smartphone plus a short PIN selected by the user (that is not stored on the phone).

Replacing passwords with cryptographic keys eliminates the many significant security risks that flow from phishing and password-guessing attacks, including the use of compromised passwords for unauthorized access and malicious activity. And because the unique keys are stored on each user’s smartphone, there is no one central point of attack for hackers to target.  The short user-selected PIN (that is not stored on the device) prevents a lost or stolen device from being used. If the PIN is incorrectly entered 5 times, the account is locked until aan account recovery is used and then re-verified by the organization.

Data Retention

LockDown ensures that data can be effortlessly created, traced and retained. Data is encrypted at the device level and is never stored on endpoints. Admins may establish and maintain configurations to ensure data cannot be destroyed by end users and, instead, can be archived and retrieved by authorized parties. For data that requires sanitization or destruction, authorized parties may do so.

Are you ready for CMMC Compliance?