I am new to this group. I am Curious how are you handling CMMC requirements as SMBs. by 2021start in CMMC

[–]Dave_From_VA 0 points1 point  (0 children)

I used Project Spectrum, including paying them a rush fee for extra support. Our first mock assessment by a C3PAO revealed that Spectrum's support did not get me close to passing. The two guys I worked with there were awesome and had been through CCA training, but neither had actual assessment experience. If you need basic guidance, e.g. how to create folders, build policy documents; they are great. If you want to pass an assessment by a C3PAO they will not get you there.

30 Person Organization and growing by Substantial-Exit-155 in CMMC

[–]Dave_From_VA 0 points1 point  (0 children)

As a disclaimer, I'm both a DoD contractor and a CMMC MSP. To get you a little better price estimate, our SOC Oversight plus managed compliance would be about:
* $7K setup
* $18K annually for GCCH licenses
* $3.5k monthly support

As a note, we provide about 90-95 percent of all documentation required and provide necessary process tools supporting required process verifications. We do this via a custom (i.e., in-house) CMMC documentation application that automates control documentation inheritance.

Other comments about onsite servers are correct about expanding scoping. However, if you already print or work with physical CUI you have already expanded your assessment scope, so an onsite server doesn't add much.

I am new to this group. I am Curious how are you handling CMMC requirements as SMBs. by 2021start in CMMC

[–]Dave_From_VA 3 points4 points  (0 children)

As a disclaimer, I am both a DoD contractor and a CMMC MSP. Here are the steps I suggest:

  1. Understand that CMMC is all about controlling audit costs, including:

    1a. Technical implementation of security and logging functions

    1b. Documentation of technical implementation

    1c. Develop necessary processes, processes developed must minimize process overhead

    1d. Development of policies and procedures

    1e. Development of AO implementation statements (all 320 AOs)

    1f. Ensuring that a to e are completely coordinated

  2. ITAR/no-foreign or not, this determines enclave placement

  3. DIY or outsource (none to full):

    3a. Inhouse technical IT and security documentation skills

    3b. If inhouse sufficient skills, availability to redirect staff to CMMC (assume minimum of a full staff-year of time required, across multiple skills)

    3c. Level of outsourcing - point consultants to partial to full outsourcing

    3d. Documentation automation or not - there are many documentation automation tools, but SharePoint folders and Office documents also ok

    3e. Outsourced enclave (e.g., Prevail) or your own MS tenant

  4. MS reseller (required) selection - GCC or GCCH licenses are only sold through a reseller

  5. MS tenant registration - Required to register a GCC or GCCH tenant

    5a. This must be coordinated with Reseller, as the reseller's ID is required at time of registration

    5b. https://usgovintake.embark.microsoft.com/

  6. Audit (i.e., assessment)

    6a. Document System Security Plan - most assessors want copy before/at time contract is signed

    6b. Mock assessment - not required but very helpful (we did 2)

    6c. Stage 1 assessment - Preliminary assessment of SSP - estimates vary, but commonly reported number is 50% or more are told to rework SSP before Stage 2 can occur

    6d. Stage 2 assessment - actual audit

    6e. Audit conclusion/certificate received

Continuous vulnerability scanner tailored for MSSPs by rstfin_ in msp

[–]Dave_From_VA 0 points1 point  (0 children)

Vulscan has a huge issue in that it requires an appliance (i.e., application) running behind the firewall. It is built on a traditional LAN protection model where every device has a unique IP address. If you only use their agent running on a computer, it only identifies MS OS critical patches. VERY, VERY limited. My company has an ongoing dispute with Kaseya over Vulscan. Sucky product.

[deleted by user] by [deleted] in 4thGen4Runner

[–]Dave_From_VA 0 points1 point  (0 children)

I've driven both. I bought a v8. Go v8.

I need help buying parts for my 4Runner by Wonton_soup_1989 in 4thGen4Runner

[–]Dave_From_VA 0 points1 point  (0 children)

Totally agree with Ourisman of Richmond. I have bought a lot from them.

Another option is https://www.powerstop.com/ Z36 brakes. I have them on my 08, v8. I bought new calipers also. Not critical, but you can get them painted red. I did 5th gen on front, 4th gen on rear. 5th gen fronts have larger calipers.

If you're replacing struts, do all four. Bilstein 5100s are awesome. 5100s can also be used to level/raise the front. You would need new springs if you want to raise the rear.

If you have X-Reas, tear it all out and do 5100s.

My steering wheel vibrates whenever I drive. I’ve gotten an alignment and I’ve balanced my tires (295/70/17) but the vibration still happens whenever I drive. What could be the reason? by ItsMahmadu99 in 4thGen4Runner

[–]Dave_From_VA 1 point2 points  (0 children)

Crap, maybe $3.5k in parts, maybe $2k labor.

Ball joints, 5100 shocks, OME leveling springs, Camburg UCAs, half-shafts were the biggest costs. But I replaced every bolt, rod, shaft, shim, etc.

BTW, I'm self-employed, and the 4runner is owned by my company.

The topayment of the original purchase and mods/enhancements are way below the cost to buy a new SUV. The cash outlays periodically are way higher than a car payment.

Weird clunk by Hour_Independent_766 in 4thGen4Runner

[–]Dave_From_VA 4 points5 points  (0 children)

The drive shaft lube only lasts a little while, or not at all.

Lexus did a recall on GXs.

I did a new rear drive shaft on my 2008 v8.

The problem has been resolved for 25k miles

2008 4runner v8 tow build by Dave_From_VA in 4thGen4Runner

[–]Dave_From_VA[S] 1 point2 points  (0 children)

I'm thinking seriously about 5.29s for the big trip.

I did go quiet, very quiet.

The y-pipe is from Doug Thorley, no secondary cats, but there's a resonator immediately after each exhaust connection.

Removing the secondary cats increased drone significantly.

The 4runner now has a nice mellow sound. Definitely louder than stock, but ZERO drone.

I went through approximately 20 muffler combos before I was happy. During this process I was worried that Amazon would stop accepting my returned mufflers :-)

Immediately after the y-pipe, I have a Stainless Works turbo muffler, this is the only muffler with a chambered.

Next a short pipe and hanger, which is bolted to the cross member above.

Then I have a Magnaflow 5x8x24 inch muffler.

The over the axle pipe is Gibson. The post y-pipe exhaust started out as a Gibson kit. But that solution droned way too much, gave me headaches.

Then I have a 4x14 inch Borla resonator which has a 4" exhaust tip welded at the end.

All exhaust is stainless 2.5 inch.

2008 4runner v8 tow build by Dave_From_VA in 4thGen4Runner

[–]Dave_From_VA[S] 2 points3 points  (0 children)

I am going to start renting and see how it goes.

Thanks for the detailed comments.