Priya pulled up a second document: a 32-page Globalscape CMMC SSP Mapping Guide .
Tom smiled. “Told you.”
Mara felt the tension shift from panic to due diligence . Priya pulled up a second document: a 32-page
“We already mapped EFT v8.4 to NIST SP 800-171, Rev 2,” Priya said. “CMMC is just 800-171 with a maturity stick. We’ve done the assessment prep for you. Here—see page 14? For ‘limit failed logon attempts’ (AC.L2-3.1.8), our native lockout policy works out of the box. For ‘session lock’ (AC.L2-3.1.10), you’ll need to enable your Windows GPOs, but we have a configuration script.” “We already mapped EFT v8
“That’s compliance,” Mara said. “And compliance is what keeps the contract lights on.” Here—see page 14
“A bridgeable gap,” Priya corrected. “We released the CMMC Compliance Module last quarter. It adds three things: 1) Tamper-proof audit trails in a WORM (Write Once, Read Many) format. 2) Automatic session recording for admin actions—that’s your MA.L2-3.5.3 (maintenance tools). And 3) a direct API to your SIEM for automated alerting on anomalous transfer patterns, which covers your RA.L2-3.11.2 (vulnerability scanning).”