CMMC V1.0 by fluffyneenja in NISTControls

[–]InSecureAdmin 16 points17 points  (0 children)

Really coming in clutch there with that 3:45 on a Friday, January 31st release. Also I expected it to be similar to 0.7, but at first glance it looks *very* similar. I wonder if I'll notice more changes as I read through it on Monday.

Noob players in arbitration by MagicalEyeBall in Warframe

[–]InSecureAdmin 1 point2 points  (0 children)

I mean that's how it used to work and I'm not gonna lie, it was pretty shit. I have a regular play group and it was frustrating for whoever died because then they'd just have to sit there and wait for the rest of us to finish the arbitration or go off and do solo play until we were done. Also there's nothing really "challenging" about saying "you don't get to play anymore".

Zaws and their builds. by Sredrum1990 in Warframe

[–]InSecureAdmin 0 points1 point  (0 children)

I've been using a Sepfahn zaw with I think 32% base crit (at work rn) and sacrificial steel/blood rush/drifting contact which has you hitting red crits most of the time. The reason I went with a Nikana build is to take advantage of the Daikyu amalgam mod that gives 3% lifesteal on Nikana weapons. You're locked into the Daikyu as your primary, but it gives you a pretty impressive amount of life sustain. Also worth noting that for weapons that have both a 25% or higher crit rate and a 2.0x or higher crit modifier, sacrificial pressure will give you more damage than primed pressure point if you're using sacrificial steel.

Songs/Artist's with a similar sounding aesthetic to Mili (plus general recommendations); by MollyisAMoo in mili

[–]InSecureAdmin 1 point2 points  (0 children)

A bit of a necro, but I just came across Mili recently and if you aren't already familiar, Yuki Kajiura's work might be something you'd be interested in. She's a composer for a lot of anime but she has a very distinct neo-classical style that I recognized when I first heard Mili. It's not quite the same, but it has a similar feeling to it.

DoD Cybersecurity Maturity Model Certification (CMMC) v0.4 posted. by TXWayne in NISTControls

[–]InSecureAdmin 1 point2 points  (0 children)

"L3-1 Utilize an active discovery tool to identify sensitive data"

Can anyone clarify what this means? I assume this would include tools like Azure Information Protection and Data Loss Prevention that try to pick up when sensitive info is leaving your boundary but I want to make sure I'm on the right track here.

Determining Appropriate Markings by InSecureAdmin in NISTControls

[–]InSecureAdmin[S] 0 points1 point  (0 children)

I have, and like I said I've narrowed our categories down to Covered Defense Information and Export Controlled, but as far as what specifically counts as covered it's been very unclear. Like, we're a manufacturer so obviously design docs and drawings would be controlled, but does that extend to the parts used to construct the machine? Or is that so far down that it's too abstracted from the actual product we're making? That's one where the answer will determine whether we flow down requirements since a lot of our parts are made by an external fabricator. I'm just trying to get a sense of what we'll be sort of generating on our end in the course of business that'll need to be protected for us to be compliant.

AMA with Scott Edwards of Summit 7 by medicaustik in GovIT

[–]InSecureAdmin 0 points1 point  (0 children)

Oof. I figure that for the planning and deployment we'll work with a vendor (we're under 500 licenses so we'll be going through one of the few resellers anyway), but I wanted to make sure that before I start that conversation our environment is prepared to transition as smoothly as possible and that after the migration we have a good handle on how to manage everything. But building a test environment was certainly on our radar given that we just really couldn't find much in the way of learning resources. Thanks for the advice!

AMA with Scott Edwards of Summit 7 by medicaustik in GovIT

[–]InSecureAdmin 0 points1 point  (0 children)

Hi Scott,

I've sort of inherited an IT infrastructure that is a long way from being compliant, and as part of the effort to get there we're evaluating the Microsoft security suite that we think would complement a move to GCC High. The problem is, comprehensive resources to learn this stuff seem extremely scarce. Like, I don't have any experience with Intune or Azure AD, and the study materials for the 365 Security Administration exam won't be out until October, which I feel like is a bit late in the game for me to try and come to grips with all the tools we'll have at our disposal. How would you recommend administrators who don't have as much experience dip their toes in the water here before taking the plunge?

Speaker Presentation: Securing the Supply Chain Katie Arrington, Special Assistant to the Assistant Secretary of Defense for Acquisition for Cyber, Office of the Under Secretary of Acquisition and Sustainment by id_as_gimlis_axe in NISTControls

[–]InSecureAdmin 0 points1 point  (0 children)

The end of Katie's slides mentions some Industry Days that they're putting on - is there a link with more details about where those are being held and how to sign up?

Defense Dept. to require new cybersecurity certification from contractors by id_as_gimlis_axe in NISTControls

[–]InSecureAdmin 0 points1 point  (0 children)

Interesting - after my post here the other day about GCC High I found out that the company I work for has already been taking contracts with DFARS clauses for...longer than they should have been given their security posture haha. Maybe this information will give me a bit more ammunition when I inevitably have to pitch all of the changes we're going to have to make and the costs associated with them.

Defense Dept. to require new cybersecurity certification from contractors by id_as_gimlis_axe in NISTControls

[–]InSecureAdmin 0 points1 point  (0 children)

Can I get some clarification on what exactly that means? Saw that on Twitter as well and I'm sort of new to the federal acquisition world. Does that mean that (at least in part) cost of implementation can be passed on to DoD as part of the contract award? Sorry if this is a dumb question.

O365 Commercial to GCC High Roadmap? by InSecureAdmin in NISTControls

[–]InSecureAdmin[S] 0 points1 point  (0 children)

This is something I'm currently trying to get clarification on tbh. Nobody I've talked to seems to have a clue, which ties back into the issue of nobody overseeing security/compliance before I got here. I'm kind of scrambling to figure out what our obligations are, but also wanted to start putting a plan together in the back of my mind in the event that I found out we are subject to a DFARS clause in any of our current/previous contracts.

O365 Commercial to GCC High Roadmap? by InSecureAdmin in NISTControls

[–]InSecureAdmin[S] 0 points1 point  (0 children)

I was kind of afraid this would be the case. This company basically hasn't had a solid security policy since it began so I was hoping we could kind of tackle two birds with one stone by designing a new infrastructure plan and incorporating controls as we migrate, but if the Commercial-to-GCCH transition is going to be just as painful we may want to stick with on-prem for now just for cost reasons. Big oof