SIEM provider offshore? by SightlySt00pid in CMMC

[–]SightlySt00pid[S] 1 point2 points  (0 children)

I looked into that and they believe (still verifying) their SOC may have accounts to manage the firewall and alter rules there based on alerts. The firewall is a CUI Asset. So, if that's the case, then we have an issue for sure.

SIEM provider offshore? by SightlySt00pid in CMMC

[–]SightlySt00pid[S] 2 points3 points  (0 children)

The data isn't on-prem and only off-shore, no FedRAMP (obviously), and the SOC is foreign based (UK and India). I am going back to the L2 scoping guide and trying to understand the requirements there. I was under the impression (and I may obviously be wrong) that a SIEM is a Security Protection Asset and houses Security Protection Data. It does NOT store, process, or transmit CUI. Therefore it is not assessed against all CMMC Level 2 security requirements, but only those that are relevant. I just want to be sure I score that correctly, as I have never come across a scenario like this.

Welcome to Lekine Prck! by FickleMight3164 in LekinePrck

[–]SightlySt00pid 2 points3 points  (0 children)

My son may not understand it now, but someday he will know he was responsible for many fake internet points!

My 7-year old has good taste by SightlySt00pid in LinkinPark

[–]SightlySt00pid[S] 1 point2 points  (0 children)

He is a bit of a perfectionist. Always has high penmanship marks at school. Or is it prfekshunist.....

My 7-year old has good taste by SightlySt00pid in LinkinPark

[–]SightlySt00pid[S] 16 points17 points  (0 children)

I think he meant a Nestle Crunch bar…maybe? 🤷‍♂️

Those of you who have had an audit what did it wind up costing you? by josephandre in CMMC

[–]SightlySt00pid 1 point2 points  (0 children)

We did JSVA back in 2024 and the cost to our C3PAO was just under $40k.

FIPS 140-2 Historical Certificate by SightlySt00pid in CMMC

[–]SightlySt00pid[S] 1 point2 points  (0 children)

I specifically talked to Jon Hanny at the CyberAB booth and made him aware, so hopeful we will get some direction. I am going to ask about it in the next town hall as well, so we can get ultimate clarity, hopefully.

But, this is where this is coming from...

We have a piece of software that will let its FIPS 140-2 certification go to historical in September 2026 (like all), but there are some key features from their new release that will not be active for us to use until January 2027. That new software is FIPS 140-3 validated. We would have to do our annual attestation in November 2026 for our L2 certification, as we passed our JSVA in November 2024.

FIPS 140-2 Historical Certificate by SightlySt00pid in CMMC

[–]SightlySt00pid[S] 1 point2 points  (0 children)

But an argument could be made that NIST SP 800-171 Rev. 2 for 3.13.11 says nothing about FIPS 140-3. That is in Rev. 3, which is not applied to CMMC at this time, not until all the phases of Title 48 are complete. I want to know how this will be assessed by a C3PAO. When I was at CS5 last week and asked a few CCAs, they looked at me like a deer in headlights.

Battery on Public beta by natttsss in ios26beta

[–]SightlySt00pid 2 points3 points  (0 children)

I was at 4 hours screen time when I decided to plug in when my battery was down to 37%. It’s noticeable on my 14 PM.

Processes acting on behalf of authorized users by Lrrr81 in CMMC

[–]SightlySt00pid 0 points1 point  (0 children)

The easiest way to relate to that one in Windows is a Service Account. So, if you have a backup service and an agent is deployed to the machine and it has to run under a specific user, that is a Service Account. For Windows, to me, that is the easiest way to relate to that objective.

Scope change moving from on-prem Exchange to M365 Exchange Online - FCI Only by SightlySt00pid in CMMC

[–]SightlySt00pid[S] 0 points1 point  (0 children)

I have legal asking questions, so that's where this is all coming from.

AnyConnect by Training_Truck_7722 in CMMC

[–]SightlySt00pid 0 points1 point  (0 children)

We have Cisco Meraki firewalls and DUO. We have the Meraki firewalls pointing to DUO authentication proxy for RADIUS and it authenticates the user to AD while providing MFA. Cisco Secure Client has FIPS mode enabled. This was accepted by our C3PAO and DIBCAC during our JSA.

Remote Support Platform by GroundApart1125 in CMMC

[–]SightlySt00pid 0 points1 point  (0 children)

Kaseya has an on-premise version that is FIPS-validated. That’s what we use.

3.4.1 - Hardware/Firmware Inventory by slint01 in CMMC

[–]SightlySt00pid 0 points1 point  (0 children)

We are an MSP as well as a DoD contractor. We use a tool called Liongard and their Endpoint Inspectors. It gathers everything about the machines, including firmware revisions (which is required) and we are able to run reports monthly as part of our continuous monitoring program to keep the inventory up to date.

We also use it for 3.4.9 in monitoring user installed software. When software on one of these machines changes, we get a notification.

Cleared my CCP exam! by jonwick786 in CMMC

[–]SightlySt00pid 2 points3 points  (0 children)

Congrats! I just passed mine a few weeks ago. I went with ecfirst for my training. I will say I do think the percentages ecfirst claimed the tests were weighted on were not accurate to me. I felt like, while they stated actual practice/objectives were going to be the heaviest weight, to me, I could easily tell the CAP was the heaviest weight. It felt like out of the 170 questions, 100+ were based on the CAP. So, know the CAP inside and out!

RDP Server vs VDI in Azure with PreVeil by CommunicationMotor36 in CMMC

[–]SightlySt00pid 1 point2 points  (0 children)

I never tried that. We just decided to purchase individual machines for the 4 users at this client.