This guide provides steps for deploying XQ’s email extensions for CMMC users.
CMMC customers must deploy XQ’s Secure Email extensions in a specific way to ensure they meet Federal Information Processing Standards Publication (FIPS) security standards.
FIPS are standards and guidelines for federal computer systems established by the National Institute of Standards and Technology (NIST). These standards ensure the security and reliability of information technology (IT) products and services used by the government. FIPS standards must be met to ensure CMMC compliance.
Note: The following steps are intended to be performed by an administrator. Administrators must set up XQ Vault and Email in a specific way that meets CMMC compliance.
- Create an XQ account and add all team members.
- Ensure all team members use a Chromium-Based browser. Chromium-Based browsers must be used because a Chrome Extension is used for FIPS validated encryption. Other browsers may not allow for FIPS validated encryption and will not meet CMMC requirements.
- We recommend using Microsoft Edge or Google Chrome.
- Install the XQ FIPS Helper Application on all machines team members will use and Install the XQ Native Bridge extension on all team members’ Chromium Based browsers.
- XQ’s FIPS Helper Application and XQ Native Bridge are CMMC-compliant software tools used to implement FIPS 140-2 standards for cryptography. They work by providing additional functionality to a system that verifies that the cryptographic module used on your team’s machine is FIPS 140-2 compliant.
- Installing the XQ FIPS Helper Application and XQ Native Bridge involve adjusting your privacy & security settings, installing the FIPS Helper Application on your machine, and installing the XQ Native Bridge on your browser. For installation steps see:
- Install either the Chromium Gmail Extension or the Outlook Add-in on all team members’ machines. You can also install the Outlook Add-In for your whole Microsoft 365 Group at once.
- If you are installing the Outlook Add-In, we recommend installing Outlook as a progressive web app (PWA) in Microsoft Edge or Google Chrome. With the Outlook PWA, you can pin and launch the web version of Outlook from your computer’s home screen or taskbar and access your account while you’re offline. This provides the look and feel of Outlook’s desktop application, but is still CMMC compliant because it runs off your Chromium-Based browser. For instructions on installing Outlook as a progressive web app, see Use the web version of Outlook like a desktop app.
- Turn on FIPS mode in your XQ Email settings.
- Ensure users are signed in to either the Gmail or Outlook extensions with the correct team.
- Create Data Loss Prevention And Data Access Control Policies.
Warning: Team members cannot use the Outlook desktop application, mobile applications, or mobile browsers because they are not Chromium Based and can therefore not be made FIPS 140-2 compliant.