FEDRAMP and/or disabling cloud services - CMMC evaluation

WillGGT

Hello,

Does Bluebeam have any intentions of pursuing a Fedramp government offering?

Does Bluebeam have solid documentation on how to disable cloud functionality? This article referenced these support threads:

How to disable access to Bluebeam services | Bluebeam Technical Support

We've got a customer who wants to use Bluebeam but also remain complaint for NIST/CMMC.

Does anyone have Bluebeam MIP working in a M365 GCCH environment?

How to use Microsoft Information Protection (MIP) with Revu | Bluebeam Technical Support

Thanks!

Andrew Sue

My reseller tells me that Bluebeam has no NIST/CMMC compliant option. Bluebeam studio is not compliant. There is no more Bluebeam Studio Enterprise where we could have set up a server in our GCCH.

With so many companies in this space going after CMMC, what is Bluebeam doing to provide a compliant version of the estimated 35% of the Defense Industrial Base going for their CMMC?

RobCampbell

February 2025… is Bluebeam working toward CMMC, or are they sticking their heads in the sand, hoping it was just a threat that's going to blow over soon? As a DoD contractor, we are in the process of dropping all software services that aren't FedRamp compliant. It's painful. I hate to lose all the convenience and functionality of Revu studio projects and sessions.

Luke Shiras

I can't speak for Bluebeam, but it seems there are many "industry standards" out there, and many are poorly defined or set unrealistic requirements. As for CMMC requirements, making Bluebeam compliant may simply be too monumental a shift to accomplish easily or quickly.

If it was just making basic Bluebeam available offline, that probably could be done. But if you want to use Bluebeam Studio offline (in-house server) that has already been rejected because of how it works on the backend (to the disappointment of many customers with security concerns).

Would having a Sessions-Free version/option meet your needs?