Sherlock Government Services

Government Cloud Services

Sherlock Government Services specializes in providing unparalleled solutions for handling Controlled Unclassified Information (CUI) and meeting the rigorous standards of the Cybersecurity Maturity Model Certification (CMMC). Our offerings are specifically tailored to support sensitive government data with utmost security and compliance.

Protecting CUI and FCI

Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across all companies within the Department of Defense (DoD) supply chain. The DoD introduced the CMMC framework in 2020, with the most recent version of this framework being released in November 2021 (CMMC 2.0).

Enforcing DoD’s cybersecurity requirements for the DIB
Protection of sensitive unclassified information that is shared by the Department with its contractors and subcontractor
Covering Federal Contract Information (FCI) and Controlled Unclassified Information(CUI)
Perpetuating a collaborative culture of cybersecurity and cyber resilience
Requiring compliance with CMMC as a condition of contract award

Practices aligned with nist 800-171

Achieving Level 2 Compliance

CMMC Level 2 certification process will be conducted by a Cyber-AB CMMC Third Party Assessment Organization (C3PAO). The domains that are covered as part of Level 2 include:

Access Control (AC)
Audit & Accountability (AU)
Awareness and Training (AT)
Configuration Management (CM)
Identification & Authentication (IA)
Incident Response (IR)
Maintenance (MA)

Media Protection (MP)
Personnel Security (PS)
Physical Protection (PE)
Risk Assessment (RA)
Security Assessment (CA)
System & Communication (SC)
System & Information Integrity (SI)

Turnkey platform with a full stack service

The Sherlock Approach

Sherlock’s comprehensive Government Cloud solution includes the use of Government cloud infrastructure, deep expertise compliance and cybersecurity, best of class open source and commercial products, advanced knowledge of enterprise solutions and platforms, and a professional services capability that helps our customers navigate the regulatory and technological challenges, and pull it all together to build a top notch solution.

End-to-end Compliance

High Level CMMC Requirements

Compliance with NIST 800-171 requires specialized knowledge and experience due to its grounding in NIST 800-53. As the Sherlock team has implemented and worked in the NIST 800-53 arena for over 15 years, it has seamlessly incorporated all NIST 800-171 requirements to satisfy the CUI security protections in its Sherlock Government Cloud environment.

Organization-wide Scope

It's Not a Project, It's a Program

CMMC necessitates development of permanent solutions that are flexible enough to meet researchers where the science is. It requires trained and experienced staff for cloud computing, consulting, user support, security, regulatory know-how and governance.

Rolled out over 5+ years, will start showing up in contracts in 2025

Has organizational-wide impact, leadership buy in and governance required

CUI requirement showing up in more and more DoD contracts, other agencies likely to adopt

Long history of Meeting FISMA, HIPAA & CUI Requirements

Leveraging Our Regulatory Compliance Experience

Ensuring robust compliance in the modern landscape requires a comprehensive approach that covers every facet of an organization's operations. With the goal of achieving end-to-end compliance, our strategy leverages the NIST 800-53 (Mod) Framework, a recognized standard in cybersecurity and risk management.

Sherlock Government Cloud Services

Sherlock Gov Cloud built to CMMC2.0 specification
Includes Azure Gov Cloud, O365GCCH
Offering VDI, standard compute workloads & productivity apps
Endpoint Support
Connect using Zero clients
Connect using organization managed clients (VDI only)
Evidence collection, policies, procedures, and lifecycle documentation
Multi-tenant support
Planning for the CMMC assessment in 2024

Technical AND security controls

Our Tools and Services

System & Management Services

From designing an architecture, to deployment, and ongoing support, Sherlock manages the entire solution:

Access control
Network & firewall configuration
Encryption at rest & transit
Backup, recovery, & archiving
Certificate authority
System health monitoring

Sherlock Cloud Services Systems & Management Man Sitting on Computer in Front of Data Server

Security Services

Every solution receives a comprehensive security posture assessment and lifecycle plan:

Vulnerability & patch management
Log collection & analysis
Intrusion detection
Antivirus & malware protection
VPN, Web proxy and mail relay
Hardened system configuration

Sherlock Cloud Services Security Man Standing on Front of Security Icons on Laptop

Compliance & Audit Services

Speeds up your compliance maturity and lets experts
manage audits and compliance documentation:

Policies & procedures
SOC 2 Type 2, CMMC, FISMA
Incidence response & contingency plans
3rd party audits
Information risk assessment
Governance, risk & compliance (GRC)

Sherlock Cloud Services Compliance & Audit Man Searching Web Computer with Magnifying Glass

Personnel Services

Our solutions are staffed with and supported with vetted U.S. persons compliant with regulatory requirements:

Identity & account management
User support and helpdesk
Proposal partnership (Co-PI)
Annual background checks
Account auditing
Bridge to other center expertise

Sherlock Cloud Services Personnel Three People Online at a Desk

leading software

Best of Class Enterprise Products

We utilize best of class security and systems management tools to operate our services. We leverage our academic identity to negotiate favorable licensing costs, which helps reduce the cost of operations.

Documentation, SRM and collaborations

Notable Service Inclusions

System Lifecycle Plans & Policies

Sherlock maintains a whole set of lifecycle documents that are updated annually. We also have policies and procedures that govern how the overall environment is managed and operated. Sherlock customers inherit these lifecycle documents and can share them with their sponsors as required.

System Security Plan
Configuration Management Plan
Contingency Plan
Incident Response Plan
Information Security Risk Assessment
Policies & Procedures (100+)
Rules of Behavior
Account Management