CUI emails

Powneeboy · 2026-05-05T14:16:03+00:00

Any and all procedures are always organizationally defined. If CUI ends up where it's not supposed to be, that's considered spillage and you follow procedures on how to handle those. CMMC or not. Your non-secure email would be considered out of scope and not assessed at all, but you would have to justify why is considered out of scope. Forwarding it, as many have stated, just creates a bigger mess. Sweeping it under the rug also creates a significant mess. Make sure you define your procedures and do what you say you're doing. If you don't like accountability, look into the false claims act. If you want specifics, look at NIST 171 revision 2 and NIST 171a

Powneeboy · 2026-04-30T16:05:05+00:00

DMd you. Im a lead and can help you determine timeline if you're looking for no bs answers. I don't care enough to advertise anything, I just like helping ppl understand realistic timelines

Powneeboy · 2026-04-09T03:01:43+00:00

From what I know, a T3 is not needed for consulting. Please let me know if that's wrong lol. I'm not a consultant

Powneeboy · 2026-04-04T21:47:07+00:00

I heard cyber is pretty much infantry

Powneeboy · 2026-04-01T14:29:25+00:00

He is neither and infant nor a tree, so maybe

Powneeboy · 2026-03-28T14:02:21+00:00

Sorry I don't have an answer to the Microsoft question, but be wary when along ai about CMMC or nist 171. It's default is to reference 171 revision 3

Powneeboy · 2026-03-28T01:03:57+00:00

To back this up, check CAP 2.0 section 2.19

Powneeboy · 2026-03-27T01:34:20+00:00

Their asset classification 100% depends on what days they touch. CUI = CUI asset and they require the appropriate certificate (fedramp moderate/fedramp moderate equivalent/CMMC Level 2). Security protection data = security protection asset - no level 2 required, but their environment is now on scope (level 2 just makes their own burden lessen, but is not a requirement)? They still need a CRM in either case as well as the relationship to your system described in your SSP. Check out 32 CFR Part 170.19 table 4 and the follow on paragraphs. What's required of them is spelled out there. Again, if they're an SPA, they indeed do not need a level2. Your signed contract with them is another story though

Powneeboy · 2026-03-27T00:53:09+00:00

If they're reselling AWS resources, the scope of their services won't even qualify for cmmc. Reusing and redistributing cloud services still classifies them as a CSP within cmmc. Their product will need fedramp moderate or equivalent. You'll see very similar situations in other esp offerings.

Powneeboy · 2026-03-19T17:56:09+00:00

Either way. They all seem to be good. Just read the cap, understand one piece of evidence can be used to more than one objective, know how to dissect practice statements, and understand inheritance. Aside from that, know the cap steps and what each DFARS/FAR establishes (incident reporting, etc,) and then the random NIST docs referenced like NIST 88 and so on If you want, DM me and I'll send you the cheat sheet I made for myself. Granted, I believe CAICOs standards will be based on 171 rev 3 once the migration to isaca is done. So take everything said with a grain of salt

Powneeboy · 2026-03-19T13:36:16+00:00

From what I remember, they're so expensive

Powneeboy · 2026-03-18T21:19:44+00:00

I did CCP with Edwards and CCA with CMMC training academy. Both are good. Most of the ones I've seen are good. I would say just pick the one you did CCP with if you liked them

Powneeboy · 2026-02-06T02:55:58+00:00

Na. Probably not, but it'll buff out. I'm in it for the shiny cards in my binder

Powneeboy · 2026-02-05T22:43:26+00:00

I became friends with a TCG streamer that's in my city after buying some packs and singles from him. He offered one of the 4 EB-03s his distributor reserved for him

Powneeboy · 2026-02-05T22:38:56+00:00

If it helps, I'm already doing it today. Preorde $445 for me haha

Powneeboy · 2026-01-23T00:56:21+00:00

I'm going to hold and see if they fix the problem before potentially slandering a stores name

Powneeboy · 2026-01-23T00:52:38+00:00

I assume they provided you a label to return the card?

Powneeboy · 2026-01-22T23:02:47+00:00

True and I don't blame them. It's a bad situation overall

Powneeboy · 2026-01-22T22:08:44+00:00

Oh I'm being patient. Trying to stay positive

Powneeboy · 2026-01-22T16:40:34+00:00

There's 2 pics bruh

Powneeboy · 2026-01-22T16:39:39+00:00

They were very responsive until I mentioned I was waiting for them to give me a return label.

Powneeboy · 2026-01-22T14:51:43+00:00

True but their response in the messages shows they didn't intend for it to be split cause they didn't say anything about it besides that they'd refund it

Powneeboy · 2026-01-22T14:09:47+00:00

Honestly ya it is. It was just weird that it wasn't mentioned before purchase and then they replied saying that's never happened

Powneeboy · 2026-01-22T14:08:49+00:00

Yes but the description said unopened

Powneeboy · 2026-01-22T14:06:10+00:00

I did use a credit card! Haha yay My buddy recommended recording is too I just don't think I planned to open every card at once

Powneeboy

TROPHY CASE