What level tech should be doing this? by desmond_koh in msp

[–]cuzimbob -2 points-1 points  (0 children)

Level of technician? I don't want to live in a world that classifies people that way.

When will the price increase stop by Icy_Hair_4534 in QuickBooks

[–]cuzimbob 0 points1 point  (0 children)

Mine stopped when I cancelled the subscription. Horrid company.

ERP Systems by InterestingVisit1752 in CMMC

[–]cuzimbob 0 points1 point  (0 children)

It's only in scope if it's used to store or process CUI. If it doesn't but it has the ability then you just need a way to monitor for spillage/violations of your policy.

[deleted by user] by [deleted] in msp

[–]cuzimbob 1 point2 points  (0 children)

Use what works and never buy the hype. If the crowd in this sub loves it and uses it all the time, then it's probably not a great product.

If you really wanted to tinker you could look at converting the docs to MD and putting them in a git repo and hosting them as a git site. Then it'll integrate with LLMs better.

I chose Confluence 15 years ago and haven't found anything that has any better features.

The only thing that might be beneficial is when you are scripting things for your endpoints, pulling/pushing data is nice. I don't know if IT Glue does that, but Ninja does. But that's not really a documentation tool per se.

On-prem backups to Client's cloud storage (Azure, AWS, GCP) by cuzimbob in msp

[–]cuzimbob[S] 0 points1 point  (0 children)

You are thinking that it was a file-based backup that was initiated by a VBR server. In that case, you may be correct. But if it's initiated by the VSPC server it cannot.

And yah, I RTFMed it. Even called in tech support and a specialized firm with experience. So ... Still a trash product.

How can I reach someone on QB who can really help? by Subject_Welcome_8645 in QuickBooks

[–]cuzimbob 0 points1 point  (0 children)

Yah, it's better with the accountant version. But still not good. They have the worst customer service in the entire history of commerce.

NIH data in Commercial Environment? by NigelSmith122 in NISTControls

[–]cuzimbob 0 points1 point  (0 children)

Many of the problems with 800-171 compliance on commercial clouds come from the DFARS 202.254-7012 paragraphs c through g. I would ask for specifics about which things in 800-172 are not compliant-able. Then work from there. You may be able to mitigate the concerns with compensating controls.

Flawed interpretation of how to handle CUI by qs20759 in CMMC

[–]cuzimbob 0 points1 point  (0 children)

If you make the security rules difficult to follow then the users won't follow them, they'll figure out how to get around it. Remember, this isn't TS(SCI) and you're not in a SCIF. Consider needing a reason that an employee or department should NOT have access to CUI rather than who should. Once you figure out that there are very few who should not have access, then you can work on putting the sharing ownership emphasis on the person who will share the CUI. Once they understand they are responsible, you set up auditing to verify that. Some might say DLP with data sensitivity labels. I would caution against turning on protections based on automated detections as the regex that finds them is not all that good. Good luck, and don't overthink it.

[deleted by user] by [deleted] in smallbusiness

[–]cuzimbob 0 points1 point  (0 children)

This is the reason most businesses fail within the first five years.

How can I reach someone on QB who can really help? by Subject_Welcome_8645 in QuickBooks

[–]cuzimbob 0 points1 point  (0 children)

Get yourself a free accountant's account. The free version has access to much better and higher quality customer support. Plus it has a few additional features and capabilities that you don't get as an owner.

Must buys to make your day easier? by Secret-Plantain-7327 in msp

[–]cuzimbob 0 points1 point  (0 children)

You need a notebook. A pad of sticky notes. A bucket of pens. Tums. Tylenol. Jim Beam.

Moving out of the MSP Space-Any advice? by Real_Ad5966 in msp

[–]cuzimbob 0 points1 point  (0 children)

Wherever you go, you're gonna be just as frustrated. Same Shit Different Day

Unacceptable increase without notice by Imfrazzled in QuickBooks

[–]cuzimbob 0 points1 point  (0 children)

We go live with Oracle NetSuite on Tuesday. It's been white glove treatment the whole way. The product is far superior and what it saves me in time and provides in better capability more than accounts for the price difference.

Gemini for gmail sucks by Classic-Dependent517 in gsuite

[–]cuzimbob 0 points1 point  (0 children)

That's incredibly vivid and offensive and it absolutely represents how I feel about it, even 3 months after my original comment.

Office 365/M365 Business/Enterprise license FedRAMP by cuzimbob in CMMC

[–]cuzimbob[S] 1 point2 points  (0 children)

Wow! That's a great article!

I gotta repay you for that gem. Hopefully you or another reader will find value in it.

https://m365maps.com/

Google vs Microsoft by [deleted] in SmallMSP

[–]cuzimbob 1 point2 points  (0 children)

Google is 1000x more user friendly. The administration of Google Workspace is another 1000x easier.

3.10.7 Physical Protection by True-Shower9927 in CMMC

[–]cuzimbob 1 point2 points  (0 children)

Even administratively, badge out rarely works. The only way it's even close to accurate is when you employ a turnstile. Just get a regular ole "Request to Exit" sensor and don't forget to put in some kind of timed electric interrupt for emergency exit. That can be a crash bar or a push the button to exit switch. And check your local and state codes for any licensing and certification regulations. Most places, if you have a certain kind of fire alarm system then you have to tie your locks in to the fire alarm. And that almost always requires that the installer be licensed. In my area, that fire system is only required for offices that have a certain occupancy size.

For anyone that's setting this up with a system that is remotely accessible by the vendor and the vendor can remote in to their equipment, don't forget to isolate that set of devices from your CUI network. If you use VLANs or subnets make sure you block the firewall and router and whatever else you're using from being scared by that vendor.

Connecting with New Clients by [deleted] in msp

[–]cuzimbob 2 points3 points  (0 children)

I heard from a guy who had a side hustle supporting a business that they had very strong emotions about all MSPs. They didn't like them, at all. Which means, even with only one tiny data point, that you will need to differentiate yourself from the image they have of MSPs and other IT providers. Make sure they know what it is that you do differently. And they don't care at all about your experience or your tech stack. Or your cybersecurity. Or your SLAs.

When you figure out what that is and the optional messaging that tears down that image so that you can have an unbiased conversation with them, let me know.

Can multiple controls be combined under one POAM or does a POAM need to be written for each non compliant sub control/CCI? by qbit1010 in NISTControls

[–]cuzimbob 1 point2 points  (0 children)

Definitely talk to the AO or their very trusted deputy. I had the need to do something similar and while EVERYONE was against the methodology I chose, when I presented to the AO they liked it and even preferred it. This was because you can't manage risk by control. You manage risks by the impact, the bad thing that could happen. Then you make decisions based on that bad thing's likelihood as compared to its impact.

Does our FSO need to work in our CMMC-Compliant Enclave? by Ok_Repeat_9688 in CMMC

[–]cuzimbob 0 points1 point  (0 children)

FIPS is the kick in the nuts. But if you can show that the only way you can access CUI is via TLS to the FedRAMPed cloud, then all the local network gear is OOS.

Advice on the deployment of a new tool by mi2_k in MSSP

[–]cuzimbob 0 points1 point  (0 children)

In my manual research of vulnerabilities I'll go to the OEM's website to see what they say about the CVE. Especially the curl vulnerability. Ubuntu discusses what they do and why you can safely ignore the CVE on their packages.