Sherlock Cloud BackgroundSherlock Cloud Background

Government Cloud Services

Sherlock Government Services specializes in providing unparalleled solutions for handling Controlled Unclassified Information (CUI) and meeting the rigorous standards of the Cybersecurity Maturity Model Certification (CMMC). Our offerings are specifically tailored to support sensitive government data with utmost security and compliance.

Practices aligned with nist 800-171

Achieving Level 2 Compliance

CMMC Level 2 certification process will be conducted by a Cyber-AB CMMC Third Party Assessment Organization (C3PAO). The domains that are covered as part of Level 2 include:

  • Access Control (AC)
  • Audit & Accountability (AU)
  • Awareness and Training (AT)
  • Configuration Management (CM)
  • Identification & Authentication (IA)
  • Incident Response (IR)
  • Maintenance (MA)
  • Media Protection (MP)
  • Personnel Security (PS)
  • Physical Protection (PE)
  • Risk Assessment (RA)
  • Security Assessment (CA)
  • System & Communication (SC)
  • System & Information Integrity (SI)
Turnkey platform with a full stack service

The Sherlock Approach

Sherlock’s comprehensive Government Cloud solution includes the use of Government cloud infrastructure, deep expertise compliance and cybersecurity, best of class open source and commercial products, advanced knowledge of enterprise solutions and platforms, and a professional services capability that helps our customers navigate the regulatory and technological challenges, and pull it all together to build a top notch solution.

End-to-end Compliance

High Level CMMC Requirements

Compliance with NIST 800-171 requires specialized knowledge and experience due to its grounding in NIST 800-53. As the Sherlock team has implemented and worked in the NIST 800-53 arena for over 15 years, it has seamlessly incorporated all NIST 800-171 requirements to satisfy the CUI security protections in its Sherlock Government Cloud environment.

Organization-wide Scope

It's Not a Project, It's a Program

CMMC necessitates development of permanent solutions that are flexible enough to meet researchers where the science is. It requires trained and experienced staff for cloud computing, consulting, user support, security, regulatory know-how and governance.

Rolled out over 5+ years, will start showing up in contracts in 2025

Has organizational-wide impact, leadership buy in and governance required

CUI requirement showing up in more and more DoD contracts, other agencies likely to adopt

Long history of Meeting FISMA, HIPAA & CUI Requirements

Leveraging Our Regulatory Compliance Experience

Ensuring robust compliance in the modern landscape requires a comprehensive approach that covers every facet of an organization's operations. With the goal of achieving end-to-end compliance, our strategy leverages the NIST 800-53 (Mod) Framework, a recognized standard in cybersecurity and risk management.

Sherlock Government Cloud Services

  • Sherlock Gov Cloud built to CMMC2.0 specification
  • Includes Azure Gov Cloud, O365GCCH
  • Offering VDI, standard compute workloads & productivity apps
  • Endpoint Support
  • Connect using Zero clients
  • Connect using organization managed clients (VDI only)
  • Evidence collection, policies, procedures, and lifecycle documentation
  • Multi-tenant support
  • Planning for the CMMC assessment in 2024
Technical AND security controls

Our Tools and Services

System & Management Services

From designing an architecture, to deployment, and ongoing support, Sherlock manages the entire solution:

  • Access control
  • Network & firewall configuration
  • Encryption at rest & transit
  • Backup, recovery, & archiving
  • Certificate authority
  • System health monitoring
Sherlock Cloud Services Systems & Management Man Sitting on Computer in Front of Data Server

Security Services

Every solution receives a comprehensive security posture assessment and lifecycle plan:

  • Vulnerability & patch management
  • Log collection & analysis
  • Intrusion detection
  • Antivirus & malware protection
  • VPN, Web proxy and mail relay
  • Hardened system configuration
Sherlock Cloud Services Security Man Standing on Front of Security Icons on Laptop

Compliance & Audit Services

Speeds up your compliance maturity and lets experts
manage audits and compliance documentation:

  • Policies & procedures
  • SOC 2 Type 2, CMMC, FISMA
  • Incidence response & contingency plans
  • 3rd party audits
  • Information risk assessment
  • Governance, risk & compliance (GRC)
Sherlock Cloud Services Compliance & Audit Man Searching Web Computer with Magnifying Glass

Personnel Services

Our solutions are staffed with and supported with vetted U.S. persons compliant with regulatory requirements:

  • Identity & account management
  • User support and helpdesk
  • Proposal partnership (Co-PI)
  • Annual background checks
  • Account auditing
  • Bridge to other center expertise
Sherlock Cloud Services Personnel Three People Online at a Desk
leading software

Best of Class Enterprise Products

We utilize best of class security and systems management tools to operate our services. We leverage our academic identity to negotiate favorable licensing costs, which helps reduce the cost of operations.  

Office 365 Icon
Linux Logo
Cisco Icon
Documentation, SRM and collaborations

Notable Service Inclusions

System Lifecycle Plans & Policies

Sherlock maintains a whole set of lifecycle documents that are updated annually. We also have policies and procedures that govern how the overall environment is managed and operated. Sherlock customers inherit these lifecycle documents and can share them with their sponsors as required. 

  • System Security Plan
  • Configuration Management Plan
  • Contingency Plan
  • Incident Response Plan
  • Information Security Risk Assessment
  • Policies & Procedures (100+)
  • Rules of Behavior
  • Account Management