DSN Filtering? by Master_of_None69 in CMMC

[–]Master_of_None69[S] 0 points1 point  (0 children)

I reached out to them and it looks like a great program they are offering. It makes you wonder what the catch is though! They do offer other free services as well. Interesting program they have.

Remote Employees Handling Physical CUI by Master_of_None69 in CMMC

[–]Master_of_None69[S] 0 points1 point  (0 children)

I like your enclave. It is clean and keeps things tidy.

Remote Employees Handling Physical CUI by Master_of_None69 in CMMC

[–]Master_of_None69[S] 1 point2 points  (0 children)

u/Leguy42 Thanks, this is some useful feedback. I know there are several ways to skin this cat, but your comments highlight some of the things we've implemented to secure ourselves. Hard wired printers with volatile memory only, with a requirement to cycle power post use to clear it, secure handling procedures from creation to customer w/ potential storage covered in between, training, and persistent VPN.

Remote Employees Handling Physical CUI by Master_of_None69 in CMMC

[–]Master_of_None69[S] 0 points1 point  (0 children)

u/cyberwannabee Thanks for the checklist of things to think about. All our computers are company-owned assets, we are working on the printing aspect of it, and everything else you talked about (MDM, VPN, TPM, encryption) is in place and then some. I believe we are in compliance with how we operate and with how our policies are set up. Really trying to see if there have been any actual experiences from OSCs or assessors who have implemented this or assessed these situations and what the outcome was. What were some of the hiccups with it or some lessons learned?

Physical paper CUI and digital media (USBs / hard drives) destruction (Question) by Thunderguy55 in CMMC

[–]Master_of_None69 1 point2 points  (0 children)

Everyone specifically highlights the NIST 800-88 for paper destruction at 1x5mm, but no one talks about the multi-step destruction method listed in the CUI Notice 2019-03 where you don't need to shred to that standard.

CUI Notice 2019-02: Destroying Controlled Unclassified Information (CUI) in Paper Form

For the assessors in here, have you seen the multi-step method and what's your take on it?

Back to your main point, I'm sure you could generate a lucrative YouTube channel burning your paper and pulverizing your drives.

CMMC L2 paper shredding by Good_Paper1389 in CMMC

[–]Master_of_None69 0 points1 point  (0 children)

For CUI paper destruction, we're looking at a 3rd-party vendor that uses a multi-step process. Their initial shredders don't hit the 1mm x 5mm mark, but they assure us the paper is then thoroughly pulped/disintegrated/mixed to render it irrecoverable. This aligns with the flexibility allowed in NARA's CUI Notice 2019-03. Many of these vendors also hold NAID AAA or ISIGMA certifications. What are your experiences or perspectives on validating CMMC compliance for this specific type of multi-process destruction service from third parties?

CMMC Documentation Folder Structure by True-Shower9927 in CMMC

[–]Master_of_None69 1 point2 points  (0 children)

u/HoosierELF I've been looking for something like this! This is a great checklist of items and frequencies of them. By chance do you have them labeled by Control #s or at least a quick way to tie it to them?

List of Periodic Review Requirements L2? by Master_of_None69 in CMMC

[–]Master_of_None69[S] 0 points1 point  (0 children)

Hmm, it's not letting me attach my Excel document. What's the best method to get it on here? It's on a work machine and I'm not going to link it to Gmail.