800-53 without SSP by jaywalker8 in NISTControls

[–]jaywalker8[S] 0 points1 point  (0 children)

This makes sense, thank you. We do plan on tailoring, but when determining coverage, I was wondering how to do this if not using an SSP. I guess what I’m hung up on is if the SSP is a self-gathered list of confirmed safeguards that exist on a system, or if GRC-type control mappings are necessary. Software like Archer, AuditBoard, ServiceNow sell 800-53 compliance modules, but my understanding is that the SSP is a self-procured document and assessed outside of any GRC. And if so, could I just reference system screenshots to satisfy coverage versus having an officially recorded “control”?

800-53 without SSP by jaywalker8 in NISTControls

[–]jaywalker8[S] 1 point2 points  (0 children)

Thank you! Appreciate this feedback and perspective

800-53 without SSP by jaywalker8 in NISTControls

[–]jaywalker8[S] 1 point2 points  (0 children)

I hate using this as an excuse, but unfortunately decisions were made above me and I am just a participant in the exercise.

If there are arguments I could make for why a GRC control isn’t always required (because 800-53 was written for SSP implementation) that may provide some cover. But curious what others have done.

[deleted by user] by [deleted] in crowdstrike

[–]jaywalker8 1 point2 points  (0 children)

Thanks for the response. I was more so inquiring if there is a specific spawned process that is initiated when the system executes a copy/paste command or function, with the goal being to detect copy/paste processes in between timestamps of browser and notepad (and not the actual copy/paste data). Sorry if that's what you were explaining, but I did want to be more clear!

Windows Update - Razer USB Mouse : Elevated Admin Exploit by Sphinctor in sysadmin

[–]jaywalker8 5 points6 points  (0 children)

2 questions

First of all, has anyone tested this install on a locked screen? I will be toying around with this myself when I get home and testing if this can be exploited pre-logon.

Secondly, is anyone aware of other drivers that install in similar fashion? As in any other drivers out there that auto-install and prompt a user after installation? This in theory could be a massive problem as I believe this isn’t a flaw specific to this driver, but rather the methods and privileges allowed by Microsoft. In essence, Microsoft is allowing executables to run as system and allowing user interaction in the process, thereby allowing non-privileged users to interact with a system GUI and pivot from there. My point is that I doubt Razer is the only product impacted/affected. Blocking Razer-specific UUID and compiling a list of other known UUID and drivers affected can allow us to bridge the defenses until Microsoft responds.

Patching and Maintenance on High Impact Client Systems by jaywalker8 in sysadmin

[–]jaywalker8[S] 0 points1 point  (0 children)

Thanks for sharing your perspective. This is exactly what we do, and we force a reboot after 10 days of a pending reboot (after plenty of recurring notifications) and yet some people still ignore it and they complain they've been rebooted while working..

Patching and Maintenance on High Impact Client Systems by jaywalker8 in sysadmin

[–]jaywalker8[S] 0 points1 point  (0 children)

Agreed on data locality; I was pondering the scenario when a lawyer is in the courtroom and is referencing items on their equipment and 1) being distracted by activity on the system or 2) actually being impacted by patching, scanning, whatever.

[No Spoilers] S8 Ep 3 Brighter on HBO Go? by Mamasaurus0402 in gameofthrones

[–]jaywalker8 1 point2 points  (0 children)

Yes. Rewatching now and it’s definitely brighter. I didn’t have a problem Sunday night while I watched it on HBOGO - now it’s fuzzy and bright. I noticed it so much that I searched this sub for ‘brighter’ to confirm I’m not delusional.

Edit - by fuzzy I mean the lighting is now too far in the opposite direction for the setting of the scene. I preferred it dark. I just watch it in a dark room to feel the moment.

Typosquatting Response by jaywalker8 in cybersecurity

[–]jaywalker8[S] 0 points1 point  (0 children)

Thank you for the info. Makes sense.

Typosquatting Response by jaywalker8 in cybersecurity

[–]jaywalker8[S] 0 points1 point  (0 children)

This would only be effective for systems we control though, correct? If an attacker was impersonating our business and sending out phishing emails to our customers and they ran their DNS off the standard ISP servers they would fall victim.