GlobalSCAPE EFT provides a robust, FIPS-validated transport layer and granular access controls that meet the spirit of NIST 800-171 for file transfer scenarios. It is widely used in federal, healthcare, and DIB environments.
, GlobalSCAPE EFT is a capable, reliable component of a compliant CUI protection strategy—provided you never rely on it alone. About the Evaluation This analysis is based on GlobalSCAPE EFT v8.x and later, NIST SP 800-171 Rev 2, and CMMC Level 2 draft practices as of 2025. Always consult your GlobalSCAPE/Fortra representative for current FIPS certificates and compliance guides, and engage a registered practitioner organization (RPO) for official CMMC assessments. About the Evaluation This analysis is based on
GlobalSCAPE (now part of Fortra’s data security portfolio) has long been a name in secure file transfer. But the question for compliance officers and IT security managers is clear: But the question for compliance officers and IT
| NIST 800-171 Family | GlobalSCAPE Capability | Gaps / Notes | |----------------------|------------------------|---------------| | | Granular folder/user permissions; IP allowlisting; session timeouts | Requires careful configuration—overly permissive default roles could expose CUI | | Audit & Accountability (AU) | Full user activity logging; immutable audit trails (with WORM storage) | Logs must be protected from modification; EFT supports this if configured to write to non-editable storage | | Configuration Management (CM) | Secure baseline templates; change logging | No automated compliance scanner for DISA STIGs (you must manually verify settings) | | Identification & Authentication (IA) | MFA support (TOTP, smart cards, RADIUS); password complexity enforcement | MFA is an add-on module (not base); for CUI, MFA for all interactive logins is strongly recommended | | System & Communications Protection (SC) | TLS 1.2/1.3 for data-in-transit; OpenPGP and SMIME for encryption; DMZ gateway support | No built-in data-at-rest encryption for CUI files stored on local drives (requires underlying OS/disk encryption like BitLocker) | | System & Information Integrity (SI) | Antivirus scanning via ICAP; file integrity monitoring (checksums) | No native FIM for configuration files; must integrate with third-party tools | 3. The Critical Weakness: CUI Data-at-Rest One area where organizations often misunderstand GlobalSCAPE is data-at-rest encryption . OpenPGP and SMIME for encryption