Omnissa.comCommunityDocumentationKnowledge BaseLearningOmnissa ConnectPartner ProgramSupportTech Zone
Skip to main content
Public Sector

CMMC background

The Department of Defense’s (DOD) Cybersecurity Maturity Model Certification (CMMC) rule requires organizations to conduct a 3rd party assessment of the systems used to store, process, or transmit DOD Federal Contracting Information (FCI) and Controlled Unclassified Information (CUI) data. Protecting systems 

Handling FCI data requires that systems storing and processing such data meet 17 security requirements defined in FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems. System owners must annually self-attest to meeting these requirements. 

Handling CUI requires the application of 110 security requirements defined in NIST 800-171 rev2 across the systems, devices, and personnel directly handling CUI (known as CUI Assets) and the systems, devices, and personnel securing CUI assets (known as Security Protection Assets). In most cases, system owners must undergo assessment by a Certified Third-Party Assessment Organization (C3PAO) every 3 years, and self-attest to the ongoing validity of the assessment results during the intervening years.

Omnissa CMMC status

Omnissa maintains a current CMMC Level 1 self-attestation for the secure handling of DOD FCI listed on DOD’s Supplier Performance Risk System (SPRS) website. 

Omnissa holds a C3PAO issued, CMMC Level 2 certification to handle and store DOD CUI data. The solution involves hosting a repository integrated into the administrative control plane of the OGS FedRAMP High environment. This certification for CMMC Level 2 is also listed on SPRS. 

Vendors can obtain a copy of certification artifacts upon request.

How the Omnissa product portfolio can help customers meet CMMC requirements

Many Omnissa customers conduct their own business with the DOD and so will be undergoing their own CMMC assessments. The Omnissa portfolio of work anywhere applications can play a key role in implementing compliant solutions. Available products include:

Certification status 

Horizon 8Workspace ONE FedRAMP highHardened supporting appliances*

Fully integrated solutions - capability for automated pool/farm

  • Native cloud deployment
    • AWS Workspaces Core in GovCloud
  • Public cloud SDDC (vendor managed vSphere IaaS):
    • AWS GovCloud (VMC on AWS) - available
    • Oracle US Government (OCVS) - available
  • Manual pool/farm
    • Customer managed Horizon 8 as cloud infra - acceptable in any FedRAMP authorized cloud

Workspace ONE SaaS

  • Workspace ONE UEM ModStack
  • Omnissa Access & Hub Services
  • Omnissa Intelligence
  • Boxer (Current NIAP & STIG)
  • Unified Access Gateway (in Process NIAP & UAG)
  • Workspace ONE Tunnel (Planned NIAP & UAG)
    *Customer deployed but have applicable DOD hardening standards

You are now being redirected to an external domain. This is a temporary redirect while we build our new infrastructure and rebrand our legacy content.

This message will disappear in 10 seconds

CONTINUE