Capability Domains met by Salesforce

Salesforce Shield

Platform Encryption enables Government Contractors to encrypt sensitive data at rest, including CUI, at the platform level with FIPS-validated cryptography, which is required by CMMC, while maintaining important application functionality-(i.e., search, validation, workflow, etc.). Given that data is encrypted at the metadata layer in the database, key Salesforce application functionality can be made "encryption aware" and work despite the data being encrypted. With Platform Encryption, customers are able to render sensitive data unreadable by unauthorized persons. Additionally, customers are provided multiple options to manage the encryption key lifecycle. In the event of a data spill, this functionality can allow a customer to cryptographically erase the offending data from Salesforce.

Platform Encryption is part of Salesforce Shield, a premium set of features built natively on the Salesforce Platform that customers with complex security, governance, and compliance needs can choose to leverage. Salesforce Shield provides flexible and configurable capabilities for enhanced protection, monitoring, and retention of your critical data stored in Salesforce via Field Audit Trail, Event Monitoring, and Platform Encryption.