CUI, as defined by the US government's NIST Special Publication 800-171, refers to unclassified information that requires protection and dissemination controls. CUI protection is crucial for organizations handling sensitive information on behalf of the US government. The NIST 800-171 standard outlines the requirements for protecting CUI, including implementing security controls for access, authentication, and encryption.
| Feature | GlobalSCAPE EFT | GoAnywhere MFT | Titan SFTP Server | |---------------------------|------------------|----------------|---------------------| | FIPS 140-2 validation | Yes | Yes | Yes | | Built-in data-at-rest encryption | No (OS-level only) | Yes (AES-256) | Yes | | Native CMMC compliance report | No | Yes | No | | MFA included | No (add-on) | Yes | Yes (basic) | | DMZ gateway for CUI isolation | Yes | Yes | No | CUI, as defined by the US government's NIST
| NIST 800-171 Family | GlobalSCAPE Capability | Gaps / Notes | |----------------------|------------------------|---------------| | | Granular folder/user permissions; IP allowlisting; session timeouts | Requires careful configuration—overly permissive default roles could expose CUI | | Audit & Accountability (AU) | Full user activity logging; immutable audit trails (with WORM storage) | Logs must be protected from modification; EFT supports this if configured to write to non-editable storage | | Configuration Management (CM) | Secure baseline templates; change logging | No automated compliance scanner for DISA STIGs (you must manually verify settings) | | Identification & Authentication (IA) | MFA support (TOTP, smart cards, RADIUS); password complexity enforcement | MFA is an add-on module (not base); for CUI, MFA for all interactive logins is strongly recommended | | System & Communications Protection (SC) | TLS 1.2/1.3 for data-in-transit; OpenPGP and SMIME for encryption; DMZ gateway support | No built-in data-at-rest encryption for CUI files stored on local drives (requires underlying OS/disk encryption like BitLocker) | | System & Information Integrity (SI) | Antivirus scanning via ICAP; file integrity monitoring (checksums) | No native FIM for configuration files; must integrate with third-party tools | | Feature | GlobalSCAPE EFT | GoAnywhere MFT
) is designed to meet strict, layered security requirements. GOV.UK 1. Strong Encryption (Data at Rest and In Transit) Globalscape shines here. In Transit: Supports secure protocols including SFTP, HTTPS, and FTPS to ensure data is encrypted while moving. At Rest: Features OpenPGP modules to encrypt files, and directory-level encryption within the Virtual File System. FIPS Compliance: As of 2026, Globalscape aligns with FIPS 140-3 (using OpenSSL 3.1.2), fulfilling the critical NIST SP 800-171 requirement for cryptographic validation. Globalscape +3 2. Access Control and Authentication MFA & Identity Management: Integrates with LDAP, SAML, and supports Multi-Factor Authentication (MFA) to ensure only authorized users access CUI. Granular Permissions: Provides role-based access control (RBAC), allowing administrators to restrict access based on the "need-to-know" principle. Globalscape 3. Auditing and Reporting Comprehensive Audit Trails: Globalscape logs all file transfer activity, including user ID, IP address, file name, and timestamp. Compliance Reports: The Regulatory Compliance Module (RCM) allows for quick generation of reports necessary to prove compliance during audits. Globalscape +1 4. Data Loss Prevention (DLP) & Threat Mitigation ICAP Integration: Globalscape integrates with Secure ICAP Gateway to inspect incoming/outgoing files for malware and sensitive data leaks. IP Reputation: Fortra’s Threat Brain helps block malicious IP addresses from connecting to your EFT server. Globalscape +1 The Verdict: Is Globalscape Enough for CUI? Yes, Globalscape EFT is a robust, highly capable solution for protecting CUI, but it is not a "magic bullet" for total CMMC/NIST 800-171 compliance. Where it wins: It serves as the secure "boundary" for your CUI. It excels at keeping data encrypted, authenticated, and logged during movement and storage. What you must do: Globalscape protects data In Transit: Supports secure protocols including SFTP, HTTPS,