Cybersecurity including CMMC Compliance, Microsoft Azure for Government Cloud and FedRAMP

Government Contractors (GovCons) need to know with confidence that the external systems they use will support their cybersecurity and compliance goals. For many GovCons, certification at the appropriate level of Cybersecurity Maturity Model Certification (CMMC) will be necessary in order to win contracts as CMMC is fully implemented for DoD and other Federal Agencies.

This confidence starts with knowing that the Capture2Proposal application and Capture2 Inc. corporate resources are deployed within Microsoft’s Azure Government and Microsoft 365 GCC High cloud environment that maintains the following cybersecurity certifications:

FedRAMP High provisional authorization to operate (P-ATO) issued by the FedRAMP Joint Authorization Board (JAB). FedRAMP High addresses security controls related to the safeguarding of Federal Contract Information (FCI), Controlled Unclassified Information (CUI), and Covered Defense Information (CDI).
Attestation of compliance with DFARS Clause 252.204-7012 as provided by an independent third-party assessment organization (3PAO) accredited by FedRAMP.
DoD Cloud Computing Security Requirements Guide (SRG) Impact Level 4 (IL4) and Impact Level 5 (IL5) Provisional Authorizations (PA) issued by the Defense Information Systems Agency (DISA).

Our clients have an additional level of confidence knowing that Capture2Proposal is 3rd Party Assessment Organization (3PAO) attested as FedRAMP Moderate (NIST SP 800-53) and NIST SP 800-171 (CMMC Level 2 equivalent) compliant and provides clients with a Body of Evidence (BOE) to support their CMMC C3PAO assessment. The BOE includes letters of attestation, 3PAO assessment Control Implementation Summary (CIS) and Customer Responsibility Matrix (CRM), and Capture2Proposal-Client Shared Responsibility Matrix. An additional benefit is knowing that Azure Government Cloud resources reside within CONUS and both Azure Government and Capture2Proposal are supported by U.S.-only personnel.

Capture2Proposal clients can be confident that they:

Can store and share CUI and proprietary artifacts across the entire business development and proposal lifecycle.
Comply with CMMC v2.0 Level 2 once the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD (A&S)) rulemaking process has been completed (est. May 2023)

Our investment in systems and processes ensures that extensive security controls needed by our customers for collaboration and sensitive proposal data are in place with Capture2Proposal.