CMMC compliance

Hello all,

I am new to OpenEDR and I must say, it is a fantastic tool thus far! I am wondering if anyone here is using this product to align with CMMC compliance? We are currently in the “Self Assessment” phase and are evaluating this product to check the boxes for some of the compliance requirements. Just looking for any information or guidance relating to the compliance piece.

Thanks,
Chris


hi @cbriere

I will check with the concerned team on this and get back to you.

thank you

hi @cbriere

Open EDR is hosted on FedRAMP High compliant servers.
Open EDR uses FIPS validated encryption.

@nivedithab thank you for the information.

Chris


OpenEDR is open source and self-hosted, so the previous comment about “hosted on Fedramp Servers” is wrong.

With OpenEDR, you can easily cover the following controls stated by CMMC. These are mapped to CMMC 1.0, but we will release another mapping for CMMC 2.0.

C009: Identify and protect audit information
C010: Review and manage audit logs
C017: Detect and report events
C018: Develop and implement a response to a declared incident
C019: Perform post incident reviews
C020: Test incident response
C023: Protect and control media
C031: Identify and evaluate risk
C037: Implement threat monitoring
C040: Control communications at system boundaries
C041: Identify and manage information system flaws
C042: Identify malicious content
C043: Perform network and system monitoring


@ozer this is extremely helpful, thank you!

Chris

Hi,
I am using CIS Security Control and also CIS RAM.