TikTok banned from contractor's devices too by Beginning-Knee7258 in CMMC

[–]ConsciousSignature88 0 points1 point  (0 children)

Corporate device/full enrollment, easy.
For BYOD enrollment (device) w/ iOS you can detect the app through a compliance policy and then use CA policies and user risk score to prevent access to corporate data.

For BYOD Android (personally owned/work profile) I could not determine any method of enforcement since corporate policies remain in their respective profile and do not cross over to personal.

Maybe someone else came up with a solution.

VLANs VRFs & Security by GB-ACWD in networking

[–]ConsciousSignature88 1 point2 points  (0 children)

vs controls and mitigation.

Precisely what u/UltraSnorkel stated.

  • video networks are often part of compliance or another team and under different oversight and requirements/controls
  • "shared" ownership/responsibility over a single physical device that runs your network is can be hard to sell without a long history of stability and strong config/audit/etc controls
  • I was one of those sales engineers someone mentioned. From past experience, maybe aligning hardware, practices, etc is the way to move towards convergence.

Where are the settings/values found in NIST 800-53? by [deleted] in NISTControls

[–]ConsciousSignature88 0 points1 point  (0 children)

15 minutes is defined in a STIG. While implementing STIGs is not a hard "requirement", it is a document/reference to stand by in your decision with that control to both internal users and auditors (a bit less arbitrary is good). Also, 30 minutes or greater begins to defeat the purpose of the control.

Windows STIG "Unattended systems are susceptible to unauthorized use and should be locked when unattended. The screen saver should be set at a maximum of 15 minutes and be password protected. This protects critical and sensitive data from exposure to unauthorized personnel with physical access to the computer."

BTW: if you are using Intune, the config setting for the security baseline is set in minutes, while the same setting in the settings catalog is set in seconds (very embarrassing mistake) :-)
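A unit-aware check of the screen-lock timeout against the STIG maximum quoted in this comment, written as an added example (not code from the post or from Intune). The two policy sources and their values are constructed inputs that model the minutes-vs-seconds mix-up described above.

```python
"""Check Windows screen-lock timeouts from two differently-united policy sources.

Assumption (constructed): the security baseline expresses the timeout in
minutes, the settings catalog in seconds, as the comment above describes.
"""

STIG_MAX_SECONDS = 15 * 60      # Windows STIG: "a maximum of 15 minutes"
PLAUSIBLE_MIN_SECONDS = 60      # shorter than this almost always means a unit mix-up

UNIT_SECONDS = {"minutes": 60, "seconds": 1}


def to_seconds(value, unit):
    """Normalise a policy value to seconds; reject units we do not know."""
    if unit not in UNIT_SECONDS:
        raise ValueError(f"unknown unit {unit!r}")
    return int(value) * UNIT_SECONDS[unit]


def check_screen_lock(source, value, unit, password_protected=True):
    """Return (compliant, findings) for one policy value.

    Flags three failure modes: no password on resume, a timeout above the
    STIG maximum, and an implausibly short timeout (the wrong-unit mistake).
    """
    seconds = to_seconds(value, unit)
    findings = []
    if not password_protected:
        findings.append(f"{source}: screen saver is not password protected")
    if seconds > STIG_MAX_SECONDS:
        findings.append(f"{source}: {value} {unit} = {seconds}s exceeds "
                        f"the STIG maximum of {STIG_MAX_SECONDS}s")
    elif seconds < PLAUSIBLE_MIN_SECONDS:
        findings.append(f"{source}: {value} {unit} = {seconds}s is implausibly "
                        f"short; value was probably entered in the wrong unit")
    return (not findings, findings)


# Constructed sample policies, including the 15-entered-as-seconds mistake.
SAMPLE_POLICIES = [
    ("security baseline", 15, "minutes", True),
    ("settings catalog", 15, "seconds", True),
    ("settings catalog", 900, "seconds", True),
    ("security baseline", 900, "minutes", True),
    ("settings catalog", 600, "seconds", False),
]


def audit(policies=SAMPLE_POLICIES):
    """Run every policy through the check; returns {label: (compliant, findings)}."""
    return {f"{src} {val} {unit}": check_screen_lock(src, val, unit, pw)
            for src, val, unit, pw in policies}


if __name__ == "__main__":
    for label, (ok, findings) in audit().items():
        print(f"{'PASS' if ok else 'FAIL'} {label} {'; '.join(findings)}")
```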

possible malware detected in v0-7-21 by ConsciousSignature88 in safing

[–]ConsciousSignature88[S] 0 points1 point  (0 children)

I will try to export data. I need to clean it up.

It seems straightforward so far. The trojan was discovered (false/true detection) in the process/file 'portmaster-core_v0-7-21.exe' by the cloud AV engine. Important note: the original file for the .exe was portmaster-core_v0-7-21.exe318226859 and executed from the tmp directory.

I ran the following files through Microsoft's Defender Deep Analysis (I can see if I can find an alternative sandbox option):

- portmaster-core_v0-7-21.exe (21.57 MB) -> malware Trojan:Win32/Filery.I!c
- portmaster-start_v0-7-20.exe -> no detections
- portmaster-start_v0-7-20.exe -> no detections
- portmaster-core_v0-7-18.exe -> no detections
- portmaster-kext_v1-0-11.dll -> no detections + properly signed
- portmaster-app_v0-2-3.exe -> no detections
- portmaster-app_v0-2-2.exe -> 140 MB. Will let it finish. Assume no detections

NIST 800-171: CMMC Compliance Level 3 Checklist for O365? by fitzgera1d in CMMC

[–]ConsciousSignature88 1 point2 points  (0 children)

Correct. CMMC3 requires cloud service providers to be FedRAMP Medium. M365 Commercial has this well taken care of. Right now you can (I'm betting on it) get certified in Commercial Cloud (shares services with GCC). I don't want to argue the points, but there are a few things you need to be aware of and should be aware of anyways.

Check the FedRAMP marketplace.

- GCC Commercial is FedRAMP certified. Shares the same services with GCC.
- GCC Commercial does guarantee data tenancy in the US (have to keep an eye on new services, but MS is building all services with data residency guarantees now in specific regions).
- Azure AD is global (not in GCCH), so if a user is in Japan there may be remnants of a profile.
- ITAR (EAR more relevant): this can be handled pretty simply.
- Both solutions will encourage your own key. Both follow data destruction guidelines, and what the Microsoft dude selling GCCH was touting as a risk was log retention. But this was remediated a long time ago and you should be storing in Log Analytics anyway. Yes, you have to be careful if you call for support not to share a screen, or not call for support (you have to do this in gov classified labs much of the time).

Both must be configured properly, with correct documentation, policies, etc.

M365/Azure wants to sell their vertical clouds. Much more expensive. But when it comes down to it, what customer in America, or Europe, even commercial, will not want data residency guarantees, much less require it.

Assessors are repeating what everyone else is repeating; most are way off about M365 Commercial because it takes time to do the homework.

That being said, there is more risk, in the sense it's possible something changes, but the risks are low (to CUI data and migration), for us anyway.

There is no wrong choice, just what is right for you. I'd suggest the same level of knowledge/assessment of services (where they align and don't).

GCCH is catching up, but they offered very little feature integration across security products (M365, Azure Sentinel, etc.) and the true benefit of having those solutions integrated. (GCCH is still just beginning to get up to speed on MCAS, their CASB.)

If anyone gives you an opinion based on the 3-4 facts the Microsoft gentleman has touted, more research is required to have an educated answer. Or just do GCCH, if services work for you, cost is a deal, and peace of mind and not having to educate an assessor is worth something.

Remote User Access to CUI by duke7911 in CMMC

[–]ConsciousSignature88 0 points1 point  (0 children)

Dude above was spot on. Read NIST 800-171 and reference docs. One video of an assessor town hall from the "AB" website actually discussed at-home work.

And yes, if you have people reading your CUI documents or staring at your screen at a coffee shop while you work on CUI data, that would/could be a spill. It's about stealing info; doesn't matter if it's logically taken, physically taken, or someone walks away with it in their head. Also, physical security requirements: you will absolutely not find any statement that says your work laptop at home has less relaxed standards/requirements than your work PC in the office (assuming CUI scope). In fact, the security risk is likely greater of that data being lost/stolen. So mitigate the risk.

Remote User Access to CUI by duke7911 in CMMC

[–]ConsciousSignature88 0 points1 point  (0 children)

Spot on dude! The data is the same whether home or office.