Overview
Secureframe Federal MDM is a FedRAMP Moderate authorized device management solution designed specifically for organizations pursuing CMMC compliance. It provides automated device compliance monitoring, ensuring your endpoints meet the security requirements of NIST 800-171 and CMMC frameworks.
Key Features
FedRAMP Moderate Authorized
Secureframe Federal MDM operates in a FedRAMP Moderate environment, meeting the most stringent federal security requirements. This makes it suitable for handling Controlled Unclassified Information (CUI) and supporting your CMMC certification journey.
Automated Device Compliance Monitoring
Hard drive encryption verification - Automatically checks that all enrolled devices have full-disk encryption enabled
Firewall status monitoring - Verifies local firewall is active on all devices
Antivirus/anti-malware detection - Confirms security software is installed and running
Operating system patch status - Tracks OS update compliance across your fleet
Multi-factor authentication (MFA) - Validates MFA is configured on devices
Seamless Integration with Secureframe
Device compliance data from Federal MDM automatically flows into your Secureframe dashboard, populating relevant CMMC tests and controls. This eliminates manual evidence collection and keeps your compliance posture up-to-date in real-time.
Pricing
$15 per device per month, billed upfront.
Contact your Customer Success Manager or [email protected] to add Federal MDM to your subscription.
Getting Started
Prerequisites
Active Secureframe Defense subscription
Devices running Windows 10/11, macOS 12+, or supported Linux distributions
Enrollment Steps
Enable Federal MDM - Contact your CSM to enable Federal MDM on your account. You'll need to determine a specific number of devices. Once added, you'll see Secureframe Federal MDM as connected in the Integrations page.
Specify groups - Navigate to Personnel Settings → Onboarding → Secureframe device management and specify the groups who'll need to use the Secureframe Federal MDM. You can check who is included from the Groups tab in Onboarding.
Here is an example screenshot with installation enabled and the user group "Employees" included:
Download and install the agent - Personnel in the designated groups will see a Secureframe Federal MDM step as part of their Employee Onboarding. If part of the specified group, you can download the device agent for your operating system.
These videos show how to install the Secureframe Federal MDM as an employee.
Installing on a Windows device:
Verify enrollment - Enrolled devices will appear in your Asset Inventory within 15 minutes.
Uninstalling the Secureframe Federal MDM
For Admins:
For Admins, the easiest way to uninstall the Secureframe Federal MDM from a device is to delete the device from the Asset Inventory page.
There are two ways for Admins to delete devices. To delete a single device, you can click the triple dots menu next to the device, then click "Delete device". To delete multiple devices, it can be easier to select multiple devices via the checkboxes in the left-hand column, then click "Delete".
For Individual Users:
It is always preferred to delete a device via the Secureframe App.
If that is not an option, below are uninstallation scripts for each operating system.
Windows:
There is a PowerShell script attached to this article named uninstall-secureframe-federal-mdm.ps1
Please download it, open PowerShell as Administrator, navigate to the folder with the uninstallation script, and run the following command:
powershell -ExecutionPolicy Bypass -File .\uninstall-secureframe-federal-mdm.ps1
MacOS:
There is a Bash script attached to this article named uninstall-secureframe-federal-mdm.sh
Please download it, open Terminal or your preferred console, navigate to the folder with the uninstallation script, and run the following commands:
chmod +x uninstall-secureframe-federal-mdm.sh sudo ./uninstall-secureframe-federal-mdm.sh
Linux
There is a Bash script attached to this article named linux-uninstall-secureframe-federal-mdm.sh
Navigate to the folder /opt/NinjaRMMAgent/programfiles/ then please choose and run one of the following commands, according to your Linux distribution:
sudo ./ninja-deb-uninstall.shsudo ./ninja-deb-harakiri.shsudo ./ninja-rpm-uninstall.sh
Troubleshooting
Device not appearing in inventory
Verify the agent is running on the device
Check that the device has internet connectivity
Allow up to 15 minutes for initial sync
Compliance check showing as failed
Review the specific check details in the device view
Some checks require a device restart after remediation
Contact support if the issue persists after remediation
Frequently Asked Questions (FAQ)
Q: What data does Secureframe Federal MDM collect?
A: Federal MDM collects device security posture information only, including encryption status, firewall status, antivirus status, and OS version. No user files or personal data are accessed.
Q: Can I use Federal MDM for non-CMMC compliance?
A: While designed for CMMC, the device compliance data can support other frameworks including FedRAMP, NIST 800-53, and StateRAMP.
Q: How do I remove a device from Federal MDM?
A: Delete it from the Asset Inventory → Devices → Federal MDM Devices.
Need help? Contact [email protected] or use the Help widget in the Secureframe app.