Implementing CMMC 2.0 Securely: How Modern Data Masking Supports the Protection of CUI!

Why Data Detection and Data Masking Are Important for CMMC

Many CMMC controls require organizations to:

• reliably identify FCI and CUI—even in structured, semi-structured, and unstructured data,
• minimize sensitive data in test, analysis, or development environments,
• enforce the principle of least privilege,
• and provide traceable and auditable protective measures.

Manual processes or isolated tools are usually insufficient for this—especially in hybrid, cloud, or legacy environments, which are common in the defense industry.

Overview of IRI’s Data Detection and Masking Capabilities

IRI offers an integrated approach to protecting sensitive data:

IRI DarkShield

• automatic discovery, classification, and masking of sensitive data
• supports CUI, PII, PHI, PCI, and intellectual property
• works with files, documents, images, databases, and big data platforms

IRI FieldShield / CellShield

• powerful, rule-based masking for structured data
• for both data “at rest” and “in motion”

IRI Voracity

• Unified platform for data management
• Combines data discovery, ETL, data quality, and masking
• Supports controlled analytics and AI applications

These tools enable:

• Continuous data discovery,
• policy-based masking,
• and auditable enforcement of security policies.

Connection between CMMC controls and IRI capabilities

1. Identification of assets and data, CMMC objective: Understand where FCI and CUI are located.

DarkShield scans file systems, databases, documents, or object storage using:

• Pattern matching
• Dictionaries
• NLP methods
• Context rules

This allows sensitive data to be detected even in PDFs, Office documents, images, or logs.

2. Access control and least privilege, CMMC objective: Restrict access to sensitive data.

IRI approach:

• irreversible masking
• pseudonymization
• synthetic data
• role-based masking rules

This ensures users see only the data they actually need.

Result: reduced risk from insider threats or excessive data sharing.

3. Data protection and media sanitization, CMMC objective: Prevent unauthorized disclosure of CUI.

IRI approach:

• static or dynamic masking
• Protection of data at rest, in transit, and in use
• Masking of test data

This prevents production data from entering development or test environments.

4. Risk Management, CMMC Objective: Mitigate the impact of a security incident.

IRI Approach:

• Masked or redacted data is worthless to attackers
• Discovery reports help quantify risks and set priorities.

5. Auditability and Continuous Monitoring, CMMC Objective: Demonstrable compliance.

IRI features:

• detailed logs
• reports on data discovery and masking
• repeatable jobs and policies

This enables the provision of audit evidence for CMMC assessments.

Typical use cases in the defense industry

Organizations use data discovery and masking, for example, for:

• CUI discovery prior to a CMMC audit
• Data minimization in Dev/Test environments
• Masking sensitive documents when sharing with partners or government agencies
• Analytics and AI using masked but usable data
• Compliance evidence in supply chains involving subcontractors.

Conclusion: Ultimately, CMMC compliance means reducing risks to sensitive defense information!

Solutions for data discovery and data masking enable companies to implement these requirements:

• accurately,
• scalably
• and auditably

A data-centric security approach not only accelerates certification but also strengthens organizations’ security architecture in the long term.

Efficiency meets experience: For more than four decades, our software solutions have been supporting companies in data management and data protection – technologically leading, reliable in productive use and applicable across all industries.

In use since 1978: Numerous well-known companies, service providers, financial institutions and state and federal authorities are among our long-standing customers.

Maximum compatibility: Our software supports both classic mainframe platforms (Fujitsu BS2000/OSD, IBM z/OS, z/VSE, z/Linux) and modern open system environments such as Linux, UNIX derivatives and Windows.