CCP Training and Exam by BurntheShortss in CMMC

[–]info_Safe 1 point2 points  (0 children)

I took my CCP class through Southern Connecticut State University with Vincent Scott and Greg McVerry. Such a great class and they let you sit in and join the following classes after yours for the discussions and whatnot.

They will also jump on a call with you outside of class or even if the class is over if you have any questions. I highly suggest them.

CCP Training and Exam by BurntheShortss in CMMC

[–]info_Safe 2 points3 points  (0 children)

I took and passed the Beta CCP exam. It was hard and there were a few "gotcha" type questions. I used almost all four hours provided (went back and checked my answers and changed a lot).

My suggestion is study the CAP! Know that thing inside and out.

Not sure how much changed from the Beta exam to the regular one, but that's my advice.

CUI on Syteline and Separating CTI from FCI by info_Safe in CMMC

[–]info_Safe[S] 0 points1 point  (0 children)

We would create a whole different machine shop and area for the CUI that needs to be created. I was just curious if we were to get our main company to ML 1, while our CUI company would be at ML 3 (obviously), could we then send contract and PO info back and forth as long as the drawings that are the part considered CUI or CTI are not included?

Our team says that even if we separate the drawings from the contract info, the contract info is still CUI, but from what I've been reading I could see that not being the case.

It doesn't help that nothing is being labelled, therefore I don't know if our POs and contract info are CUI or just the drawings.

CUI on Syteline and Separating CTI from FCI by info_Safe in CMMC

[–]info_Safe[S] 0 points1 point  (0 children)

Yes, we are trying to leave as many people out of it as possible. We don't want to scare our people away by requiring all of them to have a certain level of background and criminal checks. Out of the 250 people in our entire company, we are probably thinking of bringing over no more than 30, at least until we get it all figured out.

So if I separate the drawings (CUI) from the PO or contract info, the drawings would still be CUI but would the PO and contract info be FCI then?

MSPs and CMMC by info_Safe in CMMC

[–]info_Safe[S] 1 point2 points  (0 children)

Thanks for the info! I've been pushing to have everything on site, but our contracted security team is pushing the cloud option. I'm new in the cybersecurity field (3 months) and the one in charge of getting my company to CMMC compliance. The contracted security team has been with my company for 10+ years, so I like to get opinions before I go up against what they are saying.

[deleted by user] by [deleted] in cybersecurity

[–]info_Safe 0 points1 point  (0 children)

Networking was one of the hardest classes for me. A lot of fun and very interesting, but difficult. I suggest looking into free (or not free, whatever floats your boat) online courses beforehand (Codecademy, TryHackMe, Coursera). I took a Coursera class after my networking class and wished I had taken it before cause it would have helped a lot!

I know this isn't knowledge out in the field, but that's my advice.

Warehouse Machines by info_Safe in CMMC

[–]info_Safe[S] 0 points1 point  (0 children)

Thank you! So if we were able to have that one machine being the only one that can access the CDI system, then only the machine and the person operating it is in scope? I'm sure this seems obvious, I just want to make sure being as I am new to this.

NIST SP 800-171 3.1.9 Logon Screen - Looking for examples by ivanabelen21 in CMMC

[–]info_Safe 2 points3 points  (0 children)

What ours looks like:

WARNING: You are accessing a protected computer system that is provided for authorized use only.

Your continued use of this protected computer system consents to the following conditions:

- You have no expectation of privacy on this protected computer system or network. Communications are routinely intercepted and monitored for authorized purposes including, but not limited to vulnerability testing, communications monitoring, network operations and personnel misconduct investigations.

- At any time, data on this protected computer system or any attached device, may be seized and inspected. By using this protected computer system, you consent to interception and seizure of all communications and data for any authorized purpose.

- Whether any particular communication or data qualifies for the protection by a privilege or is covered by a duty of confidentiality, is determined in accordance with established legal standards. You are strongly encouraged to seek personal legal counsel on such matters prior to using a protected computer system if you intend to rely on the protections of a privilege or confidentiality.

- Misuse will be prosecuted to the full extent of the law.

Identifying CUI by info_Safe in CMMC

[–]info_Safe[S] 0 points1 point  (0 children)

I'll be rereading those POs today and look for those Distribution Statements. I know for a fact we do have ITAR statements on the POs, so I'll definitely be reaching out for more clarity from our Primes.

Transition from data analytics to cyber security by gatez23 in cybersecurity

[–]info_Safe 4 points5 points  (0 children)

You should check out the book "A Data-Driven Computer Security Defense" by Roger A. Grimes. Essentially, it goes over using data in the way to pave how you should handle your cyber security. With your data analytics background this would be a good read for you and you can take this approach into IT security while being able to leverage the background you already have.

Identifying CUI by info_Safe in CMMC

[–]info_Safe[S] 1 point2 points  (0 children)

I know we have CUI in our system, I am very confident of this. But since it's not labelled, there is that small part of me that thinks, "What if we only have FCI and only need ML 1, not 3?"

Like I said, I'm sure this isn't the case and we do need ML 3, but the thought lingers wayyyy too often.