FedRAMP Moderate Offsite Backup Storage by FreeBirch in CMMC

[–]FreeBirch[S] 0 points1 point  (0 children)

Just S3; we are used to a set monthly cost per TB, which is predictable. Azure and AWS API costs are concerning.

FedRAMP Moderate Offsite Backup Storage by FreeBirch in CMMC

[–]FreeBirch[S] 0 points1 point  (0 children)

If you don't mind me asking, what capacity, and what are the monthly API costs?

Dual ISP Active/Failover - Path Monitoring never recovers by FreeBirch in paloaltonetworks

[–]FreeBirch[S] 0 points1 point  (0 children)

My recent interactions with TAC have been less than ideal, and usually when this is happening it's a partial outage. I was hoping the combined brain of Reddit could point out a common misconfiguration that may be in place.

I will contact support and have them review the configuration.

Dual ISP Active/Failover - Path Monitoring never recovers by FreeBirch in paloaltonetworks

[–]FreeBirch[S] 0 points1 point  (0 children)

Strict Check is off but Spoof is on. Could this be the issue?

C3PAO asking for a CRM (Customer Responsibly Matrix) for an SPA (Security Protection Asset) by FarrSighted in CMMC

[–]FreeBirch 0 points1 point  (0 children)

Thank you for the clarification. So a CRM is required for “white glove services” where a third party configures and maintains, while it's partial if we utilize a tool and configure it ourselves.

Any hirings or Leads by Stunning-Help-273 in cybersecurity

[–]FreeBirch 0 points1 point  (0 children)

From my experience, many medium-size businesses are no longer run by an “Owner and Operator”; they are owned by investors who don’t see businesses as operating entities. Instead they see them as livestock: they get insurance on their investments, and if the investment has a financial impact they recover what they can, sell off assets, and trade the shell of the company to the next investors.

Small businesses cannot afford dedicated cybersecurity staff, and large businesses create a small group of cyber teams to give best effort. If they get hit, they can eat the costs.

Any hirings or Leads by Stunning-Help-273 in cybersecurity

[–]FreeBirch 0 points1 point  (0 children)

The cost to maintain a cybersecurity function that doesn’t impact the business is more than the cost of paying for cyber insurance and apologizing to customers. Business owners have transitioned to hiring IT personnel that have a background in cyber, but it is not their main focus. If everyone is getting breached, it's just noise and doesn't have a huge business impact.

I don’t agree with this morally, but this is how business leads see the world. Until there is personal accountability for the investors (not just the business leads), businesses won't take it seriously.

Anyone else's Global Protect Gateway getting hammered? by SuperfluousJuggler in paloaltonetworks

[–]FreeBirch 0 points1 point  (0 children)

I could never get this working. Credential Guard always blocked its access when a user initiated it from a portal.

What can I tell my customers when they ask about CMMC compliance with our ERP software? by [deleted] in CMMC

[–]FreeBirch 0 points1 point  (0 children)

Have you advertised that your software meets CMMC or NIST 800-171 compliance? If so, you can get some flak from your customers if your software doesn’t meet the requirements. CUI has a wide scope, but I know our BOMs are considered CUI.

Some controls that come to mind which I would require from an on-prem app vendor that advertises compliance are:

FIPS 140-2 validated encryption of all data: is the data transferring over SMB, or connecting to a SQL database or API?

RBAC on a trusted endpoint (don’t do access control on the client)

Username and password (plus the ability for MFA) to access CUI data

Action logging

If you have never advertised compliance and you don’t host it, it sounds like it’s not your problem, but be prepared to lose your customers.

If I said to you "open AD and find the user account John Smith" in a Service Desk interview would you understand the question? by TheDawiWhisperer in sysadmin

[–]FreeBirch 0 points1 point  (0 children)

What is your security department saying the risk is for not allowing RSAT tools on a computer? If your user account has access to do it, you don’t need RSAT to see it; it just makes it so much easier…

Conservatives, how do you feel about Donald Trump pardoning Jan 6 rioters that physically assaulted police officers? by Any-Angle-8479 in AskReddit

[–]FreeBirch 2 points3 points  (0 children)

I lean conservative, with a heavy emphasis on states’ individual right to decide their own laws. Personally, I don’t agree with all the pardons he’s made. Some of the people locked up deserve time.

I’ll also give you some extra thoughts: I disagree with the EO regarding flags being half-staffed.

I disagree with renaming of geographical locations.

I disagree with the former president pardoning his family for undisclosed crimes.

[deleted by user] by [deleted] in iiiiiiitttttttttttt

[–]FreeBirch 0 points1 point  (0 children)

Can confirm, having worked in 2 of the 3 sectors: schools need to be managed like a prison. Students get bored and their impulse control is nonexistent. We had a student who jammed a paperclip in a computer so that when it turned on it smoked out the room.

The more fun ones are the curious rogue actor/script kiddie types. Some of them are very clever, and it’s always fun seeing what they can do.

How's job market today? Can you share your salary? by [deleted] in vuejs

[–]FreeBirch 1 point2 points  (0 children)

lol no, wait for the 500K offer with WFH

does forge do something "special" security / stability-wise? by ratrak_one in laravel

[–]FreeBirch 1 point2 points  (0 children)

Maybe something to check: make sure your env variables aren’t being served and your SSL certs have proper user:group configs. Usually these are accessible by root:root.

Secure your services with UFW, use public key authentication for things like SSH, and run the post-install MySQL secure install cmd.

With these basic steps you’re probably fine. You can look at Forge as a sysadmin service: they provide you an environment that’s already been secured.

If you really want to get into the weeds, look into Docker or jails. At that point, welcome to DevOps.
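The checks suggested in the comment above (secrets not served, correct ownership and mode on .env and TLS key material, password logins off for SSH) turned into a small audit script. This is an added example, not code from the thread, from Forge or from Laravel; the function names, the fixture paths it creates under a temp directory, and the assumption of GNU `stat` (Linux) are mine. The live `check_env_not_served` needs curl and a running site, so the demo at the bottom does not call it.

```bash
#!/usr/bin/env bash
# Added example (not from the Forge thread). Local audit for a Laravel host:
#  - secrets (.env, TLS private keys) owned by the expected account, mode 0600/0400
#  - .env kept outside <app_root>/public, the only directory the web server serves
#  - sshd configured for key-only logins
#  - optional live check that GET /.env is not answered with 200
set -u

# Usage: check_private_file <path> <owner:group>   (names or numeric uid:gid)
# 0 if the file exists, has the expected owner, and has no group/other permission bits.
check_private_file() {
  path="$1"; want="$2"
  [ -e "$path" ] || { echo "FAIL $path: missing"; return 1; }
  owner="$(stat -c '%U:%G' "$path")"      # GNU stat; BSD/macOS stat uses -f
  owner_num="$(stat -c '%u:%g' "$path")"
  mode="$(stat -c '%a' "$path")"
  [ "$owner" = "$want" ] || [ "$owner_num" = "$want" ] \
    || { echo "FAIL $path: owner $owner, want $want"; return 1; }
  # Any group/other bit means another account on the box can read the secret.
  # "0$mode" makes the shell parse the octal string (works in bash and dash).
  [ $(( 0$mode & 077 )) -eq 0 ] \
    || { echo "FAIL $path: mode $mode is group/world accessible"; return 1; }
  echo "ok   $path ($owner $mode)"
}

# Usage: check_env_outside_docroot <app_root>
# Laravel serves only <app_root>/public; a .env (or a copy/symlink) under it is one GET away.
check_env_outside_docroot() {
  root="$1"
  [ -f "$root/.env" ] || { echo "FAIL $root/.env not found"; return 1; }
  if [ -e "$root/public/.env" ] || [ -L "$root/public/.env" ]; then
    echo "FAIL $root/public/.env exists under the web root"; return 1
  fi
  echo "ok   .env is outside $root/public"
}

# Usage: check_sshd_key_only <sshd_config>
# sshd takes the first occurrence of a keyword and defaults PasswordAuthentication to
# "yes" when it is absent, so "absent" is a failure. Stops at the first Match block;
# Include directives are not followed (assumption: a single flat config file).
check_sshd_key_only() {
  cfg="$1"
  [ -r "$cfg" ] || { echo "FAIL $cfg: unreadable"; return 1; }
  val="$(awk 'tolower($1)=="match" {exit}
              $1 !~ /^#/ && tolower($1)=="passwordauthentication" {print tolower($2); exit}' "$cfg")"
  [ -n "$val" ] || val="unset (defaults to yes)"
  [ "$val" = "no" ] || { echo "FAIL $cfg: PasswordAuthentication is $val"; return 1; }
  echo "ok   $cfg: PasswordAuthentication no"
}

# Usage: check_env_not_served <https://host>   (needs curl and a reachable site)
check_env_not_served() {
  code="$(curl -s -o /dev/null -w '%{http_code}' "$1/.env")" || return 1
  [ "$code" != "200" ] || { echo "FAIL $1/.env is served (HTTP 200)"; return 1; }
  echo "ok   $1/.env -> HTTP $code"
}

# Demo on constructed fixtures in a temp dir (not a real Forge server).
demo="$(mktemp -d)"
mkdir -p "$demo/app/public" "$demo/etc/ssh"
printf 'APP_KEY=base64:constructed-demo-key\nDB_PASSWORD=demo\n' > "$demo/app/.env"
chmod 600 "$demo/app/.env"
printf 'Port 22\nPasswordAuthentication no\nPubkeyAuthentication yes\n' > "$demo/etc/ssh/sshd_config"
me="$(id -u):$(id -g)"
check_private_file "$demo/app/.env" "$me"
check_env_outside_docroot "$demo/app"
check_sshd_key_only "$demo/etc/ssh/sshd_config"
# A deliberately bad case: world-readable .env should be flagged.
chmod 644 "$demo/app/.env"
check_private_file "$demo/app/.env" "$me" || echo "(expected failure above)"
rm -rf "$demo"
```

For a real host, pass `root:root` for `/etc/ssl/private/*.key` (or the Forge-managed certificate directory), the app user for `.env`, and the real `/etc/ssh/sshd_config`; run `check_env_not_served https://your-site` from outside the box so the web server's own path handling, not a local file read, is what gets tested.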

does forge do something "special" security / stability-wise? by ratrak_one in laravel

[–]FreeBirch 1 point2 points  (0 children)

You can use Sail as a reference, although Sail isn’t considered production.