{"id":18859,"date":"2025-12-17T17:45:40","date_gmt":"2025-12-17T22:45:40","guid":{"rendered":"https:\/\/www.iri.com\/blog\/?p=18859"},"modified":"2026-03-10T15:08:02","modified_gmt":"2026-03-10T19:08:02","slug":"masking-data-for-cmmc-compliance","status":"publish","type":"post","link":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/","title":{"rendered":"Masking Data for CMMC Compliance"},"content":{"rendered":"<h5><b>Abstract<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">The Cybersecurity Maturity Model Certification (CMMC) is a cornerstone of the U.S. Department of Defense (DoD) strategy to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) across the Defense Industrial Base (DIB). While CMMC defines <\/span><i><span style=\"font-weight: 400;\">what<\/span><\/i><span style=\"font-weight: 400;\"> safeguards must be implemented, defense contractors and their consultants still need practical, auditable technologies to operationalize those requirements consistently and at scale.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This article maps CMMC 2.0 requirements\u2014particularly those aligned with NIST SP 800-171 and SP 800-172\u2014to <a href=\"https:\/\/www.iri.com\/\">IRI<\/a>\u2019s data discovery and masking software, including <a href=\"https:\/\/www.iri.com\/products\/darkshield\">DarkShield\u00ae<\/a>\u00a0and the <a href=\"https:\/\/www.iri.com\/products\/iri-data-protector\">IRI Data Protector Suite\u00ae<\/a>. It demonstrates how a data-centric security approach helps primes and subcontractors alike reduce compliance scope, enforce least privilege, and produce defensible assessment evidence.<\/span><\/p>\n<h5><b>Understanding CMMC in a Data-Centric Context<\/b><\/h5>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-18866 aligncenter\" src=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/cmmc-2.0-1-1024x558.png\" alt=\"\" width=\"574\" height=\"313\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/cmmc-2.0-1-1024x558.png 1024w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/cmmc-2.0-1-300x164.png 300w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/cmmc-2.0-1-768x419.png 768w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/cmmc-2.0-1-1536x838.png 1536w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/cmmc-2.0-1.png 1110w\" sizes=\"(max-width: 574px) 100vw, 574px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">CMMC 2.0 consolidates security expectations into three levels:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Level 1 (Foundational):<\/b><span style=\"font-weight: 400;\"> Protection of FCI using basic safeguarding practices.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Level 2 (Advanced):<\/b><span style=\"font-weight: 400;\"> Protection of CUI aligned with NIST SP 800-171.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Level 3 (Expert):<\/b><span style=\"font-weight: 400;\"> Enhanced protections for high-risk programs (based on select NIST SP 800-172 controls).<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Across these levels, a recurring theme is <\/span><i><span style=\"font-weight: 400;\">data awareness and control<\/span><\/i><span style=\"font-weight: 400;\">: knowing where sensitive data exists, who can access it, and how it is protected throughout its lifecycle. This is where automated data discovery and masking become essential.<\/span><\/p>\n<h5><b>Why Data Discovery and Masking Matter for CMMC<\/b><\/h5>\n<h5><b><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-18868 alignright\" src=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/discovery-masking-1-951x1024.png\" alt=\"\" width=\"239\" height=\"257\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/discovery-masking-1.png 951w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/discovery-masking-1-279x300.png 279w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/discovery-masking-1-768x827.png 768w\" sizes=\"(max-width: 239px) 100vw, 239px\" \/><\/b><\/h5>\n<p><span style=\"font-weight: 400;\">Many CMMC controls implicitly assume that organizations can accurately:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Identify FCI and CUI across structured, semi-structured, and unstructured sources<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Minimize exposure of sensitive data in non-production, analytics, and test environments<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enforce least privilege by reducing the presence of clear-text sensitive data<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Demonstrate repeatable, auditable protection mechanisms<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Manual processes and point tools struggle to meet these expectations at scale\u2014especially in hybrid, multi-cloud, and legacy environments common in the DIB.<\/span><\/p>\n<h5><b>Overview of IRI Data Discovery and Masking Capabilities<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">IRI provides an integrated, data-centric approach to sensitive data protection:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.iri.com\/products\/darkshield\"><b>IRI DarkShield\u00ae<\/b><\/a><span style=\"font-weight: 400;\">: Automated discovery, classification, and masking of sensitive data\u2014including CUI, PII, PHI, PCI, and IP\u2014across files, documents, images, databases, and big data platforms.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b><a href=\"https:\/\/www.iri.com\/products\/fieldshield\">IRI FieldShield\u00ae<\/a> \/ <a href=\"https:\/\/www.iri.com\/products\/cellshield\">CellShield\u00ae<\/a><\/b><span style=\"font-weight: 400;\">: High-performance, rule-based masking for structured data at rest and in motion.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.iri.com\/products\/voracity\"><b>IRI Voracity\u00ae<\/b><\/a><span style=\"font-weight: 400;\">: A unified data management platform that combines discovery, ETL, data quality, and masking for governed analytics and AI readiness.<\/span><\/li>\n<\/ul>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-18873\" src=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/integrated-data_protection-1024x580.png\" alt=\"\" width=\"554\" height=\"314\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/integrated-data_protection-1024x580.png 1024w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/integrated-data_protection-300x170.png 300w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/integrated-data_protection-768x435.png 768w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/integrated-data_protection-1536x870.png 1536w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/integrated-data_protection.png 1110w\" sizes=\"(max-width: 554px) 100vw, 554px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Together, these tools support continuous discovery, policy-driven masking, and provable enforcement aligned with CMMC objectives.<\/span><\/p>\n<h5><b>Mapping CMMC Practices to IRI Capabilities<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">The table below summarizes how key CMMC practice areas align with specific IRI capabilities. Detailed explanations follow.<\/span><\/p>\n<table  class=\" table table-hover\" style=\"height: 336px; background-color: #ffffff;\">\n<tbody>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px; width: 170.156px;\"><b>CMMC Practice Area<\/b><\/td>\n<td style=\"height: 48px; width: 230.547px;\"><b>Representative CMMC \/ NIST Controls<\/b><\/td>\n<td style=\"height: 48px; width: 224.453px;\"><b>IRI Capability<\/b><\/td>\n<td style=\"height: 48px; width: 173.844px;\"><b>Compliance Outcome<\/b><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px; width: 170.156px;\"><span style=\"font-weight: 400;\">Asset &amp; Data Identification<\/span><\/td>\n<td style=\"height: 48px; width: 230.547px;\"><span style=\"font-weight: 400;\">CMF.L2-3, NIST 3.4.1<\/span><\/td>\n<td style=\"height: 48px; width: 224.453px;\"><span style=\"font-weight: 400;\">Centralized data discovery and classification<\/span><\/td>\n<td style=\"height: 48px; width: 173.844px;\"><span style=\"font-weight: 400;\">Accurate FCI\/CUI scoping<\/span><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px; width: 170.156px;\"><span style=\"font-weight: 400;\">Access Control \/ Least Privilege<\/span><\/td>\n<td style=\"height: 48px; width: 230.547px;\"><span style=\"font-weight: 400;\">AC.L2-3, NIST 3.1.x<\/span><\/td>\n<td style=\"height: 48px; width: 224.453px;\"><span style=\"font-weight: 400;\">Policy-driven masking and role-based exposure<\/span><\/td>\n<td style=\"height: 48px; width: 173.844px;\"><span style=\"font-weight: 400;\">Reduced unauthorized access<\/span><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px; width: 170.156px;\"><span style=\"font-weight: 400;\">Data Protection<\/span><\/td>\n<td style=\"height: 48px; width: 230.547px;\"><span style=\"font-weight: 400;\">MP, SC, IA families<\/span><\/td>\n<td style=\"height: 48px; width: 224.453px;\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.iri.com\/solutions\/data-masking\">Data masking<\/a>, encryption, redaction, etc.<\/span><\/td>\n<td style=\"height: 48px; width: 173.844px;\"><span style=\"font-weight: 400;\">Prevention of clear-text exposure<\/span><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px; width: 170.156px;\"><span style=\"font-weight: 400;\">Media &amp; Non-Prod Sanitization<\/span><\/td>\n<td style=\"height: 48px; width: 230.547px;\"><span style=\"font-weight: 400;\">MP.L2, NIST 3.8.x<\/span><\/td>\n<td style=\"height: 48px; width: 224.453px;\"><span style=\"font-weight: 400;\">Static and real-time test <a href=\"https:\/\/www.iri.com\/solutions\/data-masking\">data masking<\/a><\/span><\/td>\n<td style=\"height: 48px; width: 173.844px;\"><span style=\"font-weight: 400;\">Safe Dev\/Test and data sharing<\/span><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px; width: 170.156px;\"><span style=\"font-weight: 400;\">Risk Management<\/span><\/td>\n<td style=\"height: 48px; width: 230.547px;\"><span style=\"font-weight: 400;\">RMF-aligned practices<\/span><\/td>\n<td style=\"height: 48px; width: 224.453px;\"><span style=\"font-weight: 400;\">Discovery reports and risk metrics<\/span><\/td>\n<td style=\"height: 48px; width: 173.844px;\"><span style=\"font-weight: 400;\">Reduced breach impact<\/span><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px; width: 170.156px;\"><span style=\"font-weight: 400;\">Audit &amp; Accountability<\/span><\/td>\n<td style=\"height: 48px; width: 230.547px;\"><span style=\"font-weight: 400;\">AU.L2-3, NIST 3.3.x<\/span><\/td>\n<td style=\"height: 48px; width: 224.453px;\"><span style=\"font-weight: 400;\">Repeatable jobs, logs, reports<\/span><\/td>\n<td style=\"height: 48px; width: 173.844px;\"><span style=\"font-weight: 400;\">Verifiable assessment evidence<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h6><b>1. Asset Identification and Data Location (CMMC Level 1\u20133)<\/b><\/h6>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-18874 alignright\" src=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/asset-identification.png\" alt=\"\" width=\"128\" height=\"133\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/asset-identification.png 915w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/asset-identification-287x300.png 287w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/asset-identification-768x802.png 768w\" sizes=\"(max-width: 128px) 100vw, 128px\" \/><\/p>\n<p><b>CMMC Focus:<\/b><span style=\"font-weight: 400;\"> Understanding where FCI and CUI reside.<\/span><\/p>\n<p><b>IRI Alignment:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.iri.com\/products\/darkshield\">DarkShield<\/a> scans file systems, object stores, databases, and document repositories to locate sensitive data using pattern matching, dictionaries, NLP, and context rules.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Supports structured and unstructured data, including PDFs, Office documents, images, and logs.<\/span><\/li>\n<\/ul>\n<p><b>Compliance Value:<\/b><span style=\"font-weight: 400;\"> Enables accurate CUI scoping, a prerequisite for Level 2 certification.<\/span><\/p>\n<h6><b>2. Access Control and Least Privilege (Level 2\u20133)<\/b><\/h6>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-18875 alignright\" src=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/access-control.png\" alt=\"\" width=\"131\" height=\"134\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/access-control.png 943w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/access-control-294x300.png 294w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/access-control-768x784.png 768w\" sizes=\"(max-width: 131px) 100vw, 131px\" \/><\/p>\n<p><b>CMMC Focus:<\/b><span style=\"font-weight: 400;\"> Limiting access to sensitive information.<\/span><\/p>\n<p><b>IRI Alignment:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Irreversible masking, pseudonymization, fabrication, and other deterministic or non-deterministic masking functions reduce the presence of live CUI in lower-trust environments.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Role-based masking rules ensure users and systems only see what they are authorized to see.<\/span><\/li>\n<\/ul>\n<p><b>Compliance Value:<\/b><span style=\"font-weight: 400;\"> Reduces insider threat and audit findings related to overexposed data.<\/span><\/p>\n<h6><b>3. Data Protection and Media Sanitization (Level 2\u20133)<\/b><\/h6>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-18879 alignright\" src=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/data-protection.png\" alt=\"\" width=\"108\" height=\"128\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/data-protection.png 745w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/data-protection-253x300.png 253w\" sizes=\"(max-width: 108px) 100vw, 108px\" \/><\/p>\n<p><b>CMMC Focus:<\/b><span style=\"font-weight: 400;\"> Preventing unauthorized disclosure of CUI.<\/span><\/p>\n<p><b>IRI Alignment:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Persistent or dynamic masking protects data at rest, in motion, and in use.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Supports test data management (TDM) use cases where production CUI must not propagate.<\/span><\/li>\n<\/ul>\n<p><b>Compliance Value:<\/b><span style=\"font-weight: 400;\"> Demonstrates proactive control rather than reactive remediation.<\/span><\/p>\n<h6><b>4. Risk Management and Incident Impact Reduction (Level 2\u20133)<\/b><\/h6>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-18880 alignright\" src=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/risk-management.png\" alt=\"\" width=\"108\" height=\"121\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/risk-management.png 801w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/risk-management-269x300.png 269w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/risk-management-768x856.png 768w\" sizes=\"(max-width: 108px) 100vw, 108px\" \/><\/p>\n<p><b>CMMC Focus:<\/b><span style=\"font-weight: 400;\"> Limiting the impact of a breach.<\/span><\/p>\n<p><b>IRI Alignment:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Masked or redacted data has no operational value to attackers.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Discovery reports help quantify residual risk and prioritize remediation.<\/span><\/li>\n<\/ul>\n<p><b>Compliance Value:<\/b><span style=\"font-weight: 400;\"> Supports risk-based decision-making required by NIST-aligned controls.<\/span><\/p>\n<h6><b>5. Auditability and Continuous Monitoring (Level 2\u20133)<\/b><\/h6>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-18881 alignright\" src=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/audit-monitoring.png\" alt=\"\" width=\"121\" height=\"126\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/audit-monitoring.png 721w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/audit-monitoring-290x300.png 290w\" sizes=\"(max-width: 121px) 100vw, 121px\" \/><\/p>\n<p><b>CMMC Focus:<\/b><span style=\"font-weight: 400;\"> Evidence-based compliance.<\/span><\/p>\n<p><b>IRI Alignment:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Detailed logs, reports, and repeatable jobs show when, where, and how data was discovered and protected.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Policies can be re-run to support continuous compliance rather than one-time assessments.<\/span><\/li>\n<\/ul>\n<p><b>Compliance Value:<\/b><span style=\"font-weight: 400;\"> Simplifies preparation for CMMC assessments and POA&amp;M tracking.<\/span><\/p>\n<h5><b>Common Deployment Patterns in the Defense Ecosystem<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">Both prime contractors and subcontractors commonly deploy IRI data discovery and masking in the following scenarios:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Pre-assessment CUI discovery<\/b><span style=\"font-weight: 400;\"> to establish and document CMMC certification scope<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Data minimization for Dev\/Test and training<\/b><span style=\"font-weight: 400;\"> environments supporting engineering and sustainment programs<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Redaction and masking of shared documents<\/b><span style=\"font-weight: 400;\"> exchanged with primes, subs, and government stakeholders<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Analytics and AI enablement<\/b><span style=\"font-weight: 400;\"> using masked, yet analytically valid, data to support logistics, readiness, and program insights.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Subcontractor flow-down compliance<\/b><span style=\"font-weight: 400;\"> where primes require demonstrable CUI protections across the supply chain<\/span><\/li>\n<\/ul>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-19069 aligncenter\" src=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/IRI-data-discovery_masking_scenarios-1024x619.png\" alt=\"\" width=\"662\" height=\"400\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/IRI-data-discovery_masking_scenarios-1024x619.png 1024w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/IRI-data-discovery_masking_scenarios-300x181.png 300w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/IRI-data-discovery_masking_scenarios-768x464.png 768w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/IRI-data-discovery_masking_scenarios-1536x928.png 1536w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/IRI-data-discovery_masking_scenarios.png 1110w\" sizes=\"(max-width: 662px) 100vw, 662px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">These patterns support compliance while preserving operational efficiency.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Pre-assessment CUI discovery<\/b><span style=\"font-weight: 400;\"> to establish certification scope<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Data minimization for Dev\/Test<\/b><span style=\"font-weight: 400;\"> environments<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Redaction of shared documents<\/b><span style=\"font-weight: 400;\"> sent to primes, subs, or government stakeholders<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Analytics and AI enablement<\/b><span style=\"font-weight: 400;\"> using masked but analytically valid data<\/span><\/li>\n<\/ul>\n<h5><b>FAQs: CMMC and IRI Data Protection<\/b><\/h5>\n<p><b>Q:\u00a0 Does CMMC explicitly require data masking?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">No, but many NIST SP 800-171 practices are challenging to meet without it.<\/span><\/p>\n<p><b>Q:\u00a0 Is data discovery required for CMMC Level 2?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">It is not named explicitly, but accurate CUI identification is mandatory.<\/span><\/p>\n<p><b>Q:\u00a0 Can IRI tools help define CUI scope?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">Yes. <a href=\"https:\/\/www.iri.com\/products\/darkshield\">DarkShield<\/a> is commonly used to locate and classify CUI before assessments.<\/span><\/p>\n<p><b>Q:\u00a0 Does masking replace encryption?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">No. Masking complements encryption by reducing exposure in authorized use cases.<\/span><\/p>\n<p><b>Q:\u00a0 Can IRI handle unstructured CUI like PDFs and emails?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">Yes, including scanned documents and images.<\/span><\/p>\n<p><b>Q:\u00a0 Is masked data still usable for testing and analytics?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">Yes. IRI supports format-preserving and rule-based masking.<\/span><\/p>\n<p><b>Q:\u00a0 Does this help with insider threat mitigation?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">Yes, by eliminating unnecessary access to clear-text data.<\/span><\/p>\n<p><b>Q:\u00a0 How does this support least privilege?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">By ensuring sensitive values are never present where they are not required.<\/span><\/p>\n<p><b>Q:\u00a0 Can discovery rules be customized to agency definitions of CUI?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">Yes, using extensible pattern libraries and policies.<\/span><\/p>\n<p><b>Q:\u00a0 Is this applicable to cloud and hybrid environments?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">Yes, including on-prem, cloud, and big data platforms.<\/span><\/p>\n<p><b>Q:\u00a0 Does IRI provide reporting for auditors?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">Yes, with detailed discovery and masking reports.<\/span><\/p>\n<p><b>Q:\u00a0 Can IRI tools run continuously?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">Yes, supporting ongoing compliance monitoring.<\/span><\/p>\n<p><b>Q:\u00a0 Does masking impact application performance?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">IRI masking is designed for high performance and scalability.<\/span><\/p>\n<p><b>Q:\u00a0 Is this relevant to Level 1 contractors?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">Yes, especially for FCI minimization and future readiness.<\/span><\/p>\n<p><b>Q:\u00a0 How does this help beyond compliance?<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">It improves security posture, reduces breach impact, and enables safer data reuse.<\/span><\/p>\n<h5><b>Conclusion<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">CMMC compliance is ultimately about reducing risk to sensitive defense information. IRI\u2019s data discovery and masking software provides the technical means to operationalize CMMC requirements with precision, scalability, and auditability. For defense contractors and consultants, a data-centric approach not only accelerates certification but also builds a stronger, more resilient security foundation for the long term.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Abstract The Cybersecurity Maturity Model Certification (CMMC) is a cornerstone of the U.S. Department of Defense (DoD) strategy to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) across the Defense Industrial Base (DIB). While CMMC defines what safeguards must be implemented, defense contractors and their consultants still need practical, auditable technologies to operationalize<\/p>\n<div><a class=\"btn-filled btn\" href=\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/\" title=\"Masking Data for CMMC Compliance\">Read More<\/a><\/div>\n","protected":false},"author":3,"featured_media":18877,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[8],"tags":[2317,2320,2306,2307,2308,1386,280,14,2318,2314,2311,2312,2309,2313,1388,2289,2315,2310,2316,1750,379,2319],"class_list":["post-18859","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection","tag-audit-and-accountability","tag-cloud-and-hybrid-security","tag-cmmc","tag-cmmc-2-0","tag-cui-protection","tag-darkshield","tag-data-discovery","tag-data-masking","tag-data-minimization","tag-data-centric-security","tag-defense-industrial-base","tag-dod-cybersecurity","tag-fci-protection","tag-federal-compliance","tag-iri-darkshield","tag-iri-data-protector-suite","tag-least-privilege","tag-nist-sp-800-171","tag-risk-management-framework","tag-sensitive-data-protection","tag-test-data-management","tag-unstructured-data-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.4 (Yoast SEO v23.4) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Masking Data for CMMC Compliance - IRI<\/title>\n<meta name=\"description\" content=\"Explore the CMMC framework to enhance cybersecurity across the Defense Industrial Base and protect crucial information.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Masking Data for CMMC Compliance\" \/>\n<meta property=\"og:description\" content=\"Explore the CMMC framework to enhance cybersecurity across the Defense Industrial Base and protect crucial information.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"IRI\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-17T22:45:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-10T19:08:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1110\" \/>\n\t<meta property=\"og:image:height\" content=\"532\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"David Friedland\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Friedland\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/\"},\"author\":{\"name\":\"David Friedland\",\"@id\":\"https:\/\/www.iri.com\/blog\/#\/schema\/person\/cdb89f0c0a9c88810b8516d4b140734a\"},\"headline\":\"Masking Data for CMMC Compliance\",\"datePublished\":\"2025-12-17T22:45:40+00:00\",\"dateModified\":\"2026-03-10T19:08:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/\"},\"wordCount\":1222,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.iri.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png\",\"keywords\":[\"Audit and Accountability\",\"Cloud and Hybrid Security\",\"CMMC\",\"CMMC 2.0\",\"CUI Protection\",\"DarkShield\",\"data discovery\",\"data masking\",\"Data Minimization\",\"Data-Centric Security\",\"Defense Industrial Base\",\"DoD Cybersecurity\",\"FCI Protection\",\"Federal Compliance\",\"IRI DarkShield\",\"IRI Data Protector Suite\",\"Least Privilege\",\"NIST SP 800-171\",\"Risk Management Framework\",\"sensitive data protection\",\"test data management\",\"Unstructured Data Security\"],\"articleSection\":[\"Data Masking\/Protection\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/\",\"url\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/\",\"name\":\"Masking Data for CMMC Compliance - IRI\",\"isPartOf\":{\"@id\":\"https:\/\/www.iri.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png\",\"datePublished\":\"2025-12-17T22:45:40+00:00\",\"dateModified\":\"2026-03-10T19:08:02+00:00\",\"description\":\"Explore the CMMC framework to enhance cybersecurity across the Defense Industrial Base and protect crucial information.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#primaryimage\",\"url\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png\",\"contentUrl\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png\",\"width\":1110,\"height\":532},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.iri.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Masking Data for CMMC Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.iri.com\/blog\/#website\",\"url\":\"https:\/\/www.iri.com\/blog\/\",\"name\":\"IRI\",\"description\":\"Total Data Management Blog\",\"publisher\":{\"@id\":\"https:\/\/www.iri.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.iri.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.iri.com\/blog\/#organization\",\"name\":\"IRI\",\"url\":\"https:\/\/www.iri.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.iri.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/iri-logo-total-data-management-small-1.png\",\"contentUrl\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/iri-logo-total-data-management-small-1.png\",\"width\":750,\"height\":206,\"caption\":\"IRI\"},\"image\":{\"@id\":\"https:\/\/www.iri.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.iri.com\/blog\/#\/schema\/person\/cdb89f0c0a9c88810b8516d4b140734a\",\"name\":\"David Friedland\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.iri.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/995ea08bc7d036da625671cb48a636eb?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/995ea08bc7d036da625671cb48a636eb?s=96&d=blank&r=g\",\"caption\":\"David Friedland\"},\"url\":\"https:\/\/www.iri.com\/blog\/author\/davidf\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Masking Data for CMMC Compliance - IRI","description":"Explore the CMMC framework to enhance cybersecurity across the Defense Industrial Base and protect crucial information.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/","og_locale":"en_US","og_type":"article","og_title":"Masking Data for CMMC Compliance","og_description":"Explore the CMMC framework to enhance cybersecurity across the Defense Industrial Base and protect crucial information.","og_url":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/","og_site_name":"IRI","article_published_time":"2025-12-17T22:45:40+00:00","article_modified_time":"2026-03-10T19:08:02+00:00","og_image":[{"width":1110,"height":532,"url":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png","type":"image\/png"}],"author":"David Friedland","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Friedland","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#article","isPartOf":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/"},"author":{"name":"David Friedland","@id":"https:\/\/www.iri.com\/blog\/#\/schema\/person\/cdb89f0c0a9c88810b8516d4b140734a"},"headline":"Masking Data for CMMC Compliance","datePublished":"2025-12-17T22:45:40+00:00","dateModified":"2026-03-10T19:08:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/"},"wordCount":1222,"commentCount":0,"publisher":{"@id":"https:\/\/www.iri.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png","keywords":["Audit and Accountability","Cloud and Hybrid Security","CMMC","CMMC 2.0","CUI Protection","DarkShield","data discovery","data masking","Data Minimization","Data-Centric Security","Defense Industrial Base","DoD Cybersecurity","FCI Protection","Federal Compliance","IRI DarkShield","IRI Data Protector Suite","Least Privilege","NIST SP 800-171","Risk Management Framework","sensitive data protection","test data management","Unstructured Data Security"],"articleSection":["Data Masking\/Protection"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/","url":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/","name":"Masking Data for CMMC Compliance - IRI","isPartOf":{"@id":"https:\/\/www.iri.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#primaryimage"},"image":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png","datePublished":"2025-12-17T22:45:40+00:00","dateModified":"2026-03-10T19:08:02+00:00","description":"Explore the CMMC framework to enhance cybersecurity across the Defense Industrial Base and protect crucial information.","breadcrumb":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#primaryimage","url":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png","contentUrl":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png","width":1110,"height":532},{"@type":"BreadcrumbList","@id":"https:\/\/www.iri.com\/blog\/data-protection\/masking-data-for-cmmc-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.iri.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Masking Data for CMMC Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.iri.com\/blog\/#website","url":"https:\/\/www.iri.com\/blog\/","name":"IRI","description":"Total Data Management Blog","publisher":{"@id":"https:\/\/www.iri.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.iri.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.iri.com\/blog\/#organization","name":"IRI","url":"https:\/\/www.iri.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.iri.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/iri-logo-total-data-management-small-1.png","contentUrl":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/iri-logo-total-data-management-small-1.png","width":750,"height":206,"caption":"IRI"},"image":{"@id":"https:\/\/www.iri.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.iri.com\/blog\/#\/schema\/person\/cdb89f0c0a9c88810b8516d4b140734a","name":"David Friedland","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.iri.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/995ea08bc7d036da625671cb48a636eb?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/995ea08bc7d036da625671cb48a636eb?s=96&d=blank&r=g","caption":"David Friedland"},"url":"https:\/\/www.iri.com\/blog\/author\/davidf\/"}]}},"jetpack_featured_media_url":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2025\/12\/Featured-Image-cmmc-compliance.png","_links":{"self":[{"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/posts\/18859"}],"collection":[{"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/comments?post=18859"}],"version-history":[{"count":12,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/posts\/18859\/revisions"}],"predecessor-version":[{"id":19070,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/posts\/18859\/revisions\/19070"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/media\/18877"}],"wp:attachment":[{"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/media?parent=18859"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/categories?post=18859"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/tags?post=18859"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}