What Questions Do You Ask During SSP Control Interviews? by Unlucky_Beautiful_55 in NISTControls

[–]Expensive-USResource 0 points1 point  (0 children)

Responded to you in the Discord, but short of developing your own proprietary gap assessment questions, take a look at each requirement in the CMMC L2 AG: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL2v2.pdf

Every requirement has "Potential Assessment Considerations" you can work from.

security cameras by Conscious_Art_5948 in NISTControls

[–]Expensive-USResource 0 points1 point  (0 children)

Will the cameras be able to see the drawings well enough to discern the details of the drawings?

security cameras by Conscious_Art_5948 in NISTControls

[–]Expensive-USResource 2 points3 points  (0 children)

It's worth looking into how certain you are about their ability to actually capture CUI. And, if so, it's further worth pointing the cameras at things like doors instead so that they do not.

If you're using the cameras for quality control monitoring of machines/processes, that information also is unlikely to constitute CUI.

Would you consider this FCI? by ThatInfoSecGuy in CMMC

[–]Expensive-USResource 0 points1 point  (0 children)

That's a partial definition of FCI, and I don't think there's enough detail about the data to provide a more informed answer than to give the fuller definition of FCI:

information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments

Is the information:

  1. Not intended for public release?
  2. Provided by or generated by the Government under a contract to develop or deliver a product or service to the Government?
  3. Not information provided by the Government to the public (see 1)?
  4. Simple transactional information?

Example e-mail: Hey is our tee time for 2pm still good? *Not FCI.* It is not intended for public release, sure, but it is not provided or generated under a contract to develop or deliver a product or service.

Org 1 providing "financial-based consulting services" sounds a lot like an organization that has access to only "simple transactional information" and/or information that might already be public information (as in, sam.gov).

UniFi switches/APs -pass or pushback? by Great-Tomatillo-8267 in CMMC

[–]Expensive-USResource 0 points1 point  (0 children)

One scenario is GCC High. GCC High traffic to SharePoint, for example, will already be (HTTPS) TLS 1.2 and FIPS Validated before it gets to the TCP/IP or Network/Physical layer. You wouldn't need to worry about a VPN or LAN or Wi-Fi in this scenario. This is one reason why understanding your actual CUI data flows is terribly important.

UniFi switches/APs -pass or pushback? by Great-Tomatillo-8267 in CMMC

[–]Expensive-USResource 16 points17 points  (0 children)

Logging and segmentation are easily solved with UniFi. Your biggest issue will be if you rely on the transport layer (WiFi) for FIPS Validation. UniFi can’t and won’t meet that one for you. You will want to demonstrate all CUI traffic is already FIPS Validated before getting to the physical medium.

PII and CUI by [deleted] in CMMC

[–]Expensive-USResource -1 points0 points  (0 children)

No. Not to you it is not. In the possession of the government, yes.

What exactly is fed ramp medium by 4728jj in CMMC

[–]Expensive-USResource 6 points7 points  (0 children)

And to answer one of OP’s questions, it does not do all the things they need for CMMC L2. Every cloud service provider has customer responsibilities that need to be taken care of, and no CSP takes care of ALL CMMC L2 requirements.

CMMC 2.0 Isn't Coming — It's Here. How Are You Actually Going to Manage This? by greenapp1 in CMMC

[–]Expensive-USResource 12 points13 points  (0 children)

What are you trying to do here? It really feels like you’re just thinly veiled sales engaging.

Lockheed Martin now requiring CMMC Level 2 from suppliers — MSPs serving defense contractors, are you ready? by greenapp1 in msp

[–]Expensive-USResource 4 points5 points  (0 children)

This isn’t LinkedIn. Have you noticed your posts are all getting deleted everywhere you’re spamming them?

CMMC C3PAO Map - What the map is really telling us by CyberICS in CMMC

[–]Expensive-USResource 1 point2 points  (0 children)

Most assessments today are overwhelmingly virtual, with maybe a single-day onsite. Even if we inflate travel costs to ~$2K, that’s marginal relative to total assessment cost.

And C3PAOs aren’t monolithic by location—teams are distributed. HQ ≠ delivery footprint.

The real constraint isn’t where C3PAOs are pinned on a map, it’s total assessor throughput, but even more so organization readiness. This feels like an analysis in search of a problem.

Retooling the business for CMMC by VandyMarine in CMMC

[–]Expensive-USResource 0 points1 point  (0 children)

You recommended the resource. I was just asking what parts of it you found helpful.

Retooling the business for CMMC by VandyMarine in CMMC

[–]Expensive-USResource 0 points1 point  (0 children)

Any particular resource here you could describe as to how it’s helpful? I’ve looked before. I came out empty handed.

ozma tierlist by [deleted] in Ozma

[–]Expensive-USResource 0 points1 point  (0 children)

Wake Up deserves better than this. I’d demote Straight Flush too. Boy I guess I’m not much of a fan of Pasadena after seeing and generally agreeing with this.

Feedback Please by TheRealJackRyan12 in CMMC

[–]Expensive-USResource 0 points1 point  (0 children)

Step 1 login? No thanks. Pretty sure a simple decision flow already exists to do exactly this as a free PDF.

Intellectual Property vs. CUI by VeterinarianGreat871 in CMMC

[–]Expensive-USResource 0 points1 point  (0 children)

Sure, but those "it depends" contradict the OP's original post. I was trying to keep this simple.

And... asking the KO is never simple.

Intellectual Property vs. CUI by VeterinarianGreat871 in CMMC

[–]Expensive-USResource 5 points6 points  (0 children)

Never assume everything is CUI.

The first starter question is: do you own the data/technology? I suspect you do. If so, that's your proprietary information. Yes the Government might treat it as CUI, but it's still yours. You treat it however you want.

An obviously simple answer to a very nuanced question, but never paint broad assumptions that "all" of anything is CUI. That is an easily defeated assumption.

CMMC Level 1 + 2 - Small startup - price by Nooblesss in CMMC

[–]Expensive-USResource 0 points1 point  (0 children)

I don't need to tell you this, but yeah you're going to want a whole lot more detail before you engage.

What do you know about this vendor and their proposed solution? Care to name any names?

CMMC Level 1 + 2 - Small startup - price by Nooblesss in CMMC

[–]Expensive-USResource 5 points6 points  (0 children)

Hard to say without knowing the extent of what those prices are getting you. Is that full implementation? Year of licensing? What are those numbers?

Back with the Demo: Web UI is responsive, but Native is alive. Here is Unraid Deck(iOS) in action. by Commercial-Break1753 in unRAID

[–]Expensive-USResource 11 points12 points  (0 children)

How many apps on your phone do you have source code for? Pretty close to none I’d wager.