N-central for CMMC Compliance – Additional Requirements
To ensure N-central is configured to support your CMMC certification, you must follow these requirements. The requirements focus on security controls, device settings, and data protection measures that go beyond the platform’s default configuration. Follow these requirements to help ensure your deployment protects Controlled Unclassified Information (CUI) and meets your organization’s compliance obligations.
Shared Responsibility Matrix (SRM)
Follow GRC’s Shared Responsibility Matrix (SRM) first and foremost. The SRM helps customers and users understand their responsibilities when deploying N-central in CMMC-scoped environments. See The N-central Shared Responsibility Matrix for details.
Web Application Firewall (WAF)
Determine whether a web application firewall (WAF) is required for your environment. If required, configure and maintain the WAF to protect N-central.
Guidance for using Cloudflare with N-central:
- Deploy Cloudflare in front of your N-central server.
- Configure Cloudflare according to your organization’s security requirements and CMMC guidance.
FIPS on End Devices
- Enable FIPS mode on all end devices you manage. Ensure the operating system on each device enforces FIPS-compliant cryptography.
Encrypted Storage
Encrypt all storage that contains CUI. This includes:
- The storage volume hosting your N-central server.
- End devices that store or process CUI.
Encryption ensures data at rest meets CMMC requirements and helps protect sensitive information from unauthorized access.
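As an added example (not part of N-central or its documentation), the shell functions below check the two device-side requirements above, FIPS on End Devices and Encrypted Storage, on a Linux end device: the kernel FIPS flag, and whether each mounted filesystem sits on a dm-crypt layer. The page names no operating system, so the Linux paths, the `lsblk` columns, the script name `audit.sh` and the sample device table are assumptions of this example.

```shell
# fips_state [FILE]: print enabled/disabled/unknown (FILE is overridable for testing).
fips_state() {
    case $(cat "${1:-/proc/sys/crypto/fips_enabled}" 2>/dev/null || true) in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;   # flag absent or unreadable
    esac
}

# unencrypted_mounts: read `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` on stdin and
# print each mount point that has no dm-crypt layer anywhere beneath it.
unencrypted_mounts() {
    awk '
    function val(key,   s) {   # value of key="..." on the current line
        if (!match($0, "(^| )" key "=\"[^\"]*\"")) return ""
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    { k = val("KNAME"); parent[k] = val("PKNAME"); kind[k] = val("TYPE")
      if (val("MOUNTPOINT") != "") mnt[k] = val("MOUNTPOINT") }
    END {
        for (k in mnt) {
            enc = 0   # walk from the mounted device up to the physical disk
            for (d = k; d != "" && !enc; d = parent[d])
                if (kind[d] == "crypt") enc = 1
            if (!enc) print mnt[k]
        }
    }' | sort
}

# Constructed sample: / is LVM on LUKS; /boot and /srv/cui are plain partitions.
sample_lsblk() {
    cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
KNAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sdb1" PKNAME="sdb" TYPE="part" MOUNTPOINT="/srv/cui"
EOF
}

# Live audit on a device: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "FIPS mode: $(fips_state)"
    lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT | unencrypted_mounts
fi
```

Any mount point the second function prints is a candidate finding only if CUI is stored there; an unencrypted `/boot` is common and is judged against where CUI actually lives.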
