R3 GovCloud Hybrid for CMMC

For GovCon CMMC Certification and ITAR

R3 GovCloud Hybrid

In 2025, Federal Contractors are starting their CMMC certifications. R3 supports customer CMMC Level 2 compliance requirements through its GovCloud Hybrid deployment model. With this model users work in their R3 solution workplace in the R3 cloud environment, but all documents uploaded or created are physically stored within the  customers Microsoft 365/GCC/GCC High environment.

This “hybrid” deployment model has a number of benefits. For CMMC, it simplifies the CMMC L2 certification process for customers and gives them greater control because all CUI documents are stored within the customers’ Microsoft environment. The R3 GovCloud Workplace environment is still in scope for CMMC L2 certification, but, it does not store, process or transmit CUI documents. Accordingly, it is not subject to CUI requirements of CMMC L2 or DFARS 252.204-7012 requirements for FedRamp Moderate Equivalency. Instead, the information in R3 is considered FCI but not CUI and is thus assessed at CMMC Level 1. This simplifies your certification assessment process and reduces costs.

The Hybrid model has these additional security benefits:

  • While R3 compliance is for CMMC Level 1, we do operate the R3 GovCloud environment at a higher level of cybersecurity. We operate at CMMC Level 2 for all 110 controls and support the NIST 800-53 technical controls.
  • The R3 GovCloud environment also operates to support ITAR requirements as all R3 personnel are US citizens and we run in the AWS GovCloud West which supports ITAR requirements on the same basis.
  • The physical barrier between the R3 environment and the customers’ Microsoft environment means that R3 Support personnel do not have access to any of the documents of the customer. This is a benefit that is unique to the Hybrid model and not available to customers using a standard FedRamp certified system.

There are also ease of use benefits to the Hybrid model. All customers using the R3 GovCloud Hybrid Workplace service, have Single Sign On between their Microsoft environment and the R3 environment. In addition, since all documents are stored in the customers’ Microsoft environment users access and work with documents directly from Microsoft’s environment. Thus, they work in a native Office 365 App environment. This provides user features such as live co-authoring, co-authoring for Word, Excel, and PowerPoint, and Auto-Save.

Leveraging the R3 GovCloud Hybrid model meets your cybersecurity needs for CMMC L2 and provides you with end user ease of use. Contact us at info@r3bsolutions.com for more information.