Partially Ready — CMMC Level 2

76% NIST 800-171 coverage. 4 control gaps identified.

CMMC Status

Partially Ready

Target Level

Level 2

NIST Coverage

76%

Endpoint Security

Sophos Government

Name: Sophos Government
Rating: 3 (15 reviews)
Author: Sophos

by Sophos

Overview

Sophos Government by Sophos is an endpoint security solution pursuing FedRAMP authorization targeting CMMC Level 2 compliance. It provides 76% coverage of NIST 800-171 controls for defense contractors handling CUI.

NIST 800-171 Coverage

76% of 110 controls covered4 gaps

Control Gaps

3.1.53.1.123.1.203.3.1

Strengths

✓STIG-hardened configurations

✓Dedicated government data centers

✓Role-based access controls

CMMC-Ready Endpoint Security Alternatives

CrowdStrike Falcon Government

CrowdStrike — 91% coverage

VMware Carbon Black Government

Broadcom — 85% coverage

SentinelOne Government

SentinelOne — 87% coverage

Tanium Government

Tanium — 89% coverage

Frequently Asked Questions

Is Sophos Government CMMC compliant?

Sophos Government partially meets CMMC requirements with 76% coverage. 4 control gaps need remediation.

What NIST 800-171 controls does Sophos Government cover?

Sophos Government covers 76% of the 110 NIST 800-171 controls, with 4 gaps primarily in 3.1.5 and 3.1.12 control families.

What are the CMMC compliance gaps for Sophos Government?

The primary gaps are in controls 3.1.5, 3.1.12, 3.1.20, 3.3.1. These require supplementary tools or process controls to achieve full CMMC Level 2 compliance.

Check Your Full Tech Stack

See CMMC readiness scores for 80+ enterprise vendors.

Open CMMC Readiness Check

← All CMMC Readiness Checks