CMMC Ready — CMMC Level 3
92% NIST 800-171 coverage. 2 control gaps identified.
CMMC Status: CMMC Ready
Target Level: Level 3
NIST Coverage: 92%
Wickr by AWS
by Amazon Web Services
Overview
Wickr by Amazon Web Services is a collaboration solution with FedRAMP authorization targeting CMMC Level 3 compliance. It provides 92% coverage of NIST 800-171 controls for defense contractors handling CUI.
What This Means for Defense Contractors
Wickr by AWS meets the architectural requirements for CMMC Level 3. However, CMMC compliance depends on your entire system boundary — not just individual tools. There are 2 NIST 800-171 control gaps that need remediation before assessment. Defense contractors using Wickr by AWS should verify that their System Security Plan (SSP) documents how this tool fits within their authorization boundary.
NIST 800-171 Coverage
Control Gaps
Using Wickr by AWS without addressing these NIST 800-171 controls may result in findings during a CMMC assessment:
Using Wickr by AWS in a CMMC Environment
For defense contractors already using Wickr by AWS, the path to CMMC compliance involves documenting the tool in your System Security Plan (SSP), ensuring proper access controls are configured, and validating that Wickr by AWS's security controls align with your authorization boundary. With 92% NIST 800-171 coverage, Wickr by AWS provides a strong compliance foundation, though the 2 remaining control gaps will need compensating controls or supplementary tools.
CMMC Compliance Analysis for Wickr by AWS
Wickr by AWS demonstrates strong CMMC Level 3 readiness with its FedRAMP High authorization and robust encryption capabilities, making it suitable for handling CUI in defense contractor collaboration workflows. The platform excels in NIST 800-171 control families 3.1 (Access Control), 3.4 (Configuration Management), 3.13 (System and Communication Protection), and 3.14 (System and Information Integrity) through its enterprise-grade encryption, identity management integration, and continuous monitoring features. However, gaps in controls 3.5.7 (Identification and Authentication - privileged user re-authentication) and 3.8.1 (Audit and Accountability - audit log protection) present specific remediation requirements. During a C3PAO assessment, evaluators will scrutinize Wickr's privileged user session management and audit log integrity mechanisms, requiring documented compensating controls for these gaps. The tool can operate within a CMMC authorization boundary due to its FedRAMP authorization, but organizations must implement additional controls for the identified gaps. Wickr's DoD SRG IL4/IL5 support and FIPS 140-2 validated encryption provide significant advantages over competitors like Microsoft Teams or Slack, which lack comparable DoD-specific authorizations. The platform's SOC 2 Type II certification and AWS's robust compliance infrastructure position it favorably against other collaboration solutions, though the specific NIST control gaps require careful documentation and compensating control implementation to achieve full CMMC Level 3 compliance.
Configuration Guide
To optimize Wickr by AWS for CMMC Level 3 assessment, implement multi-factor authentication for all privileged users with session re-authentication every 12 hours to address control 3.5.7. Configure automated audit log forwarding to a SIEM solution with cryptographic integrity protection to remediate 3.8.1. Document compensating controls in the System Security Plan including network segmentation, privileged access management procedures, and audit log monitoring processes. Establish continuous monitoring protocols using AWS CloudTrail and CloudWatch to track user activities and system changes. Configure Wickr's enterprise policies to enforce data loss prevention, retention policies aligned with organizational requirements, and integration with existing identity providers. Timeline estimate: 6-8 weeks for initial configuration and compensating control implementation, including SSP documentation updates and staff training. Maintain compliance through quarterly access reviews, monthly audit log integrity verification, and annual penetration testing. Prepare evidence packages for C3PAO review including configuration screenshots, policy documentation, privileged user re-authentication logs, audit log integrity reports, and compensating control effectiveness demonstrations. Ensure all configurations align with Wickr's FedRAMP baseline while addressing CMMC-specific requirements through documented procedures and technical implementations.
Configuration Checklist
1. ISSO: Configure multi-factor authentication for all Wickr privileged users with 12-hour session re-authentication to address NIST 3.5.7
2. Sysadmin: Integrate Wickr audit logs with organizational SIEM solution implementing cryptographic integrity protection for NIST 3.8.1
3. ISSO: Document compensating controls in SSP Section 3.5.7 and 3.8.1 including network segmentation and privileged access procedures
4. Sysadmin: Configure AWS CloudTrail and CloudWatch monitoring for Wickr infrastructure with automated alerting on configuration changes
5. ISSO: Establish quarterly privileged user access reviews and document procedures in SSP Section 3.1.1
6. Sysadmin: Implement data loss prevention policies within Wickr enterprise console aligned with CUI handling requirements
7. ISSO: Create POA&M entries for ongoing monitoring of compensating controls effectiveness with quarterly review milestones
8. C3PAO: Prepare evidence packages including Wickr configuration screenshots, audit log integrity reports, and FedRAMP authorization documentation
9. Contracts: Ensure Wickr subscription includes enterprise features required for CMMC compliance including advanced analytics and reporting
10. ISSO: Conduct annual penetration testing including Wickr endpoints and document results for continuous monitoring evidence
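The cryptographic integrity protection and monthly audit log integrity verification described in the guide can be built as an HMAC chain over forwarded records, so that an edited, deleted, reordered or truncated record is detectable. This is an added example, not Wickr or AWS code; the event fields, key, and function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # chain anchor used before the first record

# Constructed sample events; field names are assumptions, not Wickr's log schema.
SAMPLE = [
    {"ts": "2024-05-01T08:00:00Z", "actor": "admin1", "action": "policy.update"},
    {"ts": "2024-05-01T08:05:00Z", "actor": "admin1", "action": "user.suspend"},
    {"ts": "2024-05-01T20:10:00Z", "actor": "admin2", "action": "reauth.success"},
]
KEY = b"constructed-demo-key"  # assumption: real key is held outside the log store


def _mac(key: bytes, prev: bytes, event: dict) -> bytes:
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev + body, hashlib.sha256).digest()


def seal(key: bytes, events: list) -> list:
    """Bind each event to its predecessor's MAC before forwarding it."""
    sealed, prev = [], GENESIS
    for event in events:
        prev = _mac(key, prev, event)
        sealed.append({"event": event, "mac": prev.hex()})
    return sealed


def verify(key: bytes, sealed: list, expected_tail: str = None):
    """Return (ok, index). index is the first record that fails, or
    len(sealed) when the chain is intact but does not end at expected_tail
    (records were cut off the end); None when everything checks out."""
    prev = GENESIS
    for i, rec in enumerate(sealed):
        prev = _mac(key, prev, rec["event"])
        stored = str(rec.get("mac", "")).encode()
        if not hmac.compare_digest(prev.hex().encode(), stored):
            return False, i
    if expected_tail is not None and not hmac.compare_digest(
        prev.hex().encode(), expected_tail.encode()
    ):
        return False, len(sealed)
    return True, None
```

Recording the last MAC of each period in the integrity report, separately from the log store, is what lets `verify` catch truncation as well as in-place edits.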
Estimated Compliance Cost
Initial setup and remediation costs range from $15,000-$35,000, including SIEM integration, privileged access management tool licensing, and consultant fees for SSP updates and compensating control design. Annual ongoing costs approximate $8,000-$15,000 for Wickr enterprise licensing (based on user count), continuous monitoring tools, and quarterly compliance assessments. Continuous monitoring expenses add $3,000-$6,000 annually for SIEM licensing, automated scanning tools, and audit log storage. Implementation timeline spans 6-8 weeks with additional 2-3 weeks for C3PAO readiness preparation. Costs vary significantly based on organization size, existing security infrastructure, and integration complexity with current identity management systems.
Compliance Cross-References
Wickr by AWS's FedRAMP High authorization directly supports DFARS 252.204-7012 requirements for adequate security on covered contractor information systems, while its DoD SRG IL4/IL5 compliance addresses DFARS 252.204-7021 requirements for safeguarding covered defense information. The platform's encryption capabilities satisfy NIST 800-171 control family 3.13 (System and Communication Protection) requirements, though gaps in 3.5.7 (privileged user re-authentication) and 3.8.1 (audit log protection) require specific compensating controls. For CMMC Level 3 assessment domains, Wickr supports Access Control (AC), Configuration Management (CM), Identification and Authentication (IA), and System and Communication Protection (SC) practices through its enterprise features. The FedRAMP authorization provides pre-validated security controls that C3PAOs recognize as meeting federal security baselines, reducing assessment complexity. Organizations can leverage Wickr's continuous monitoring capabilities to demonstrate ongoing compliance with both CMMC and FedRAMP requirements, creating alignment across multiple compliance frameworks while addressing the specific collaboration needs of defense contractors handling CUI.
Frequently Asked Questions
Is Wickr by AWS CMMC compliant?
Wickr by AWS meets CMMC Level 3 requirements with 92% NIST 800-171 control coverage.
What NIST 800-171 controls does Wickr by AWS cover?
Wickr by AWS covers 92% of the 110 NIST 800-171 controls, with 2 gaps primarily in 3.5.7 and 3.8.1 control families.
What are the CMMC compliance gaps for Wickr by AWS?
The primary gaps are in controls 3.5.7 and 3.8.1. These require supplementary tools or process controls to achieve full CMMC Level 3 compliance.