Virtru Shared Responsibility Matrix for CMMC 2.0
The journey to CMMC compliance is complex, and no organization gets there overnight. With 110 total controls to address, aligned with NIST SP 800-171, organizations that work with the federal government have a lot to do in order to achieve compliance with CMMC 2.0.
Virtru empowers hundreds of federal contractors, research institutions, and other organizations that need to meet CMMC 2.0 Compliance. Virtru supports 27 of the 110 total CMMC controls, helping you cover a large portion of your data security needs in your compliance journey. This guide outlines those 27 controls and the Virtru capabilities that support these areas of compliance.
Download Virtru's CMMC Shared Responsibility Matrix for the complete list of practice IDs addressed by Virtru's data-centric security, access controls, and audit capabilities. Virtru covers several elements of the following CMMC domains identified by NIST:
- Access Control
- Audit and Accountability
- Identification and Authentication
- Media Protection
- Systems and Communication Protection
Why Virtru Focuses on 27 Controls
While CMMC Level 2 requires organizations to meet all 320 objectives across 110 controls through people, processes, and technology, vendors take different approaches to claiming control coverage. Some providers claim to address 90% or more of controls, often by including inherited compliance from the vendor’s own underlying infrastructure. As a result, these vendors inaccurately claim that they will assist with controls like physical security (e.g., PE.L2-3.10.3, which requires escorting visitors through the building and monitoring their activity.)
Virtru has chosen a conservative approach, identifying a maximum of 27 controls where our technology directly contributes to compliance objectives. This transparency helps organizations clearly understand where our solution provides genuine value and what responsibilities remain theirs to address through other means. By being precise about our contribution, we help customers build defensible compliance programs that will withstand the scrutiny of formal CMMC assessments, rather than discovering gaps when it matters most.
Want to dig deeper into the details? Our team can provide more information on the specific ways Virtru supports each of these areas. Request a demo to discuss CMMC 2.0 with the Virtru team.
/Virtru%20Academy%20Live/Virtru%20Academy%20Live-Webinar-Assets-Promo.jpg)
/resource%20-%20healthy%20business%20group/hbg.webp)
/State%20of%20West%20Virginia%20Case%20Study.webp)
