N-central for CMMC Compliance – Additional Requirements

The following requirements describe the actions you must take to meet CMMC compliance when using N-central. These requirements address security controls, device configurations, and data protection measures that go beyond the platform’s default settings to help protect Controlled Unclassified Information (CUI) and meet your organization’s compliance obligations.

Shared Responsibility Matrix (SRM)

Review and implement the compliance responsibilities defined in the Shared Responsibility Matrix (SRM) published by N-able. Use the SRM to understand and fulfill customer and user responsibilities when deploying N-central in CMMC-scoped environments.

Web Application Firewall (WAF)

Determine whether a web application firewall (WAF) is required for your environment. If required, configure and maintain the WAF to protect N-central.

Guidance for using Cloudflare with N-central:

• Deploy Cloudflare in front of your N-central server.

• Configure Cloudflare according to your organization’s security requirements and CMMC guidance.

FIPS on End Devices

Enable FIPS mode on all end devices you manage. Ensure the operating system on each device enforces FIPS-compliant cryptography.

Encrypted Storage

Encrypt all storage that contains CUI. This includes:

• The storage volume hosting your N-central server.

• End devices that store or process CUI.

Encryption ensures data at rest meets CMMC requirements and helps protect sensitive information from unauthorized access.