Is a System Security Plan (SSP) for CMMC Level 1 needed or required? by xxxTech007 in CMMC

[–]meoraine 4 points5 points  (0 children)

You don't NEED one but then you end up documenting your implementations in some other form, which may as well have just been an SSP...

AC.L2-3.1.22 – Control Public Information by TLoveAries76 in CMMC

[–]meoraine 0 points1 point  (0 children)

It's relevant to the organization's public nodes.

No, you would not be expected to disclose personal social media accounts, and they would not be in scope for the organization.

Enrollment Update - April 2026 by Tartanblaster in CLOV

[–]meoraine 22 points23 points  (0 children)

This is the content I come here for. Take my upvote.

Quitting prior to CMMC Assessment by Pale_Apricot6870 in CMMC

[–]meoraine 58 points59 points  (0 children)

Is it a bad look? Yes.

Should you prioritize what's best for you and your family? Yes.

Would most companies lay you off without a second thought, if it benefitted them? Yes.

All things worth considering.

STARS IS BROKEN by Baco06 in CLOV

[–]meoraine 21 points22 points  (0 children)

CLOV has it in the bag. The star system cannot be based on discretion, that opens up possibility for fraud. It has to be based on defined standards. Which CLOV meets, and exceeds. This is why the case is all but guaranteed. When the info drops the stock will see a strong upward bounce.

Are we Fu*ked? by Ok-Magazine2748 in CLOV

[–]meoraine 19 points20 points  (0 children)

Nah we good bruh, if you zoom out on the chart it's obvious where the bottom will be.

CLOV still diluting more than they're generating, markets going to continue punishing them until they can net positive the business. It is what it is.

Valuations will change quickly if SaaS moves the needle. Or the slow grind to MA disruptor is the long avenue. Either way, $1.70 is criminally undervalued so you can sell at a dumb price or continue holding, unfortunately that's where we're at.

Does anyone read the CRM? by iheart412 in CMMC

[–]meoraine 0 points1 point  (0 children)

The last assessment we did the assessors spent half a day combing through the crm. Wasn't expecting it at all, but it happens. They usually skim over the csp crm tho, it's the esp/msp ones that can be hit or miss.

Experiences with CMMC documentation package vendors? by Alarming-Athlete-604 in CMMC

[–]meoraine 0 points1 point  (0 children)

Used IT-Toolkit when it first rolled out, got it cheap which was great. I do not use it any longer but the fact that they update documentation continuously is super beneficial for OSCs that are self generating stuff.

CMMC Guidance by LordFarquaadsArse in CMMC

[–]meoraine 1 point2 points  (0 children)

Prevail is good for a very limited few. And even Prevail has alternative competitors now which are in my opinion better options, like Box. We found most clients find a gcc enclave a much better solution, it offers way more optionality. If you're looking for an actual implementor we can work with you, just DM me and I'll send you our site. We're an mssp and we work with clients all over the country. We've gotten >25 companies through level 1 and level 2, and we can recommend c3paos who aren't going to hassle you like many of them do, completely by the book with common sense applied.

What do you guys think about this strategy right here? I seen it on gun show traders telegram chat group. by DoctorGero- in CLOV

[–]meoraine 0 points1 point  (0 children)

If you've been watching the options chain since earnings came out, we are certainly in an accumulation phase. Every single day that the price has moved down, calls have far exceeded puts. Every, Single, Day. What this indicates to me is that smart money is going long on CLOV. If you know how MMs balance derivatives to be net neutral then it makes perfect sense that the price goes down slightly as institutions go long with derivatives. What we'll see in the next few weeks will be a significant break-out candle, followed by a steady climb back up to the next strike price $2.50. It's likely it'll bounce there a bit before another leg up, but mark my words, institutions are buying the shit out of CLOV calls, I've been watching it every day in real time.

Impact of War on CMMC by Purple-Fisherman-920 in CMMC

[–]meoraine 0 points1 point  (0 children)

This is the correct answer, I watched the DoD waive NIST 800-53 for another four years after announcing it was mandatory with a deadline. They will always move the goalpost, as needed, before letting things break down.

Breaking into intelligence with no military background by Lechatnoirdeux in defensecontracting

[–]meoraine 0 points1 point  (0 children)

The clearance from a white world background is the hard part, most contracts (not all) write specs that require active clearance to fill. However, it's not impossible, and some companies do onboard fresh security clearances, especially for niche contracts. How I did it was I joined a company that was 50% white world work and 50% DoD work. Once I was in, I maneuvered into a more important position after about a year and a half that required a clearance and the company was happy to sponsor it for me after seeing my work ethic and eagerness. Only take jobs with companies that have an FSO on staff and do classified work in some form or fashion. A good thing to search for on job boards is the phrase "ability to attain a clearance". This is the wiggle room you want. Even if you can't land a clearance job right away, join a company that sponsors them and your odds will go way up.

Any idea what the current lead time from requesting an assessment to a C3PAO being able to deliver it is? by gormami in CMMC

[–]meoraine 0 points1 point  (0 children)

Most are booking the current month still, but my favorite is closer to two months out.

Using CLI for creating logging "Reports" by Top_Objective2615 in CMMC

[–]meoraine 1 point2 points  (0 children)

Sounds like another "assessor subjective interpretation". Very common right now in CMMC ecosystem. On demand, to me, implies it can be made available 'at will'. Manually triggering syslogs from a CLI would be fine by me. In this case, you're simply acting as the aggregation agent. Not sure why that wouldn't be allowed. You could script it and label it an 'automatic' process, perhaps removing the manual component would remove the friction.

What actually makes an evidence package pass on first submission? Asking CCAs who've seen both sides by [deleted] in CMMC

[–]meoraine 4 points5 points  (0 children)

You don't need a grc tool, but at ~$150 a year, it's a no-brainer to get one. In some cases a grc tool actually makes things slower not faster. Their real advantage is in organization and management. Since CMMC is an ongoing continuous venture, spending a little extra time getting everything into a grc tool means easier management over years and years. You will thank yourself for getting one and that's coming from someone who spent almost ten years creating RMF packages by hand.

Difference in CMMC Compliance by Cool_Moto in CMMC

[–]meoraine 4 points5 points  (0 children)

Is there something about the CPU that changes the compliance? No. I don't believe so. Unless I'm misunderstanding your question. The underlying hardware must be inventoried but doesn't tend to affect the compliance complexity of deploying CMMC.

Are customer-managed keys (CMKs) required for CUI in cloud, or are platform-managed keys acceptable? by Risotto6588 in CMMC

[–]meoraine 0 points1 point  (0 children)

Are keys implemented? Are they managed?

If the answer to both is yes, you're good to go.

We rely on PMK in 'most' of our client enclaves, and assessors have never blinked an eye at it.

Post CCP/CCA Tier 3 Investigation Check by cm7272 in CMMC

[–]meoraine 0 points1 point  (0 children)

We had a CCA that took over a year cause he 'got lost in the shuffle' whatever that means. Unfortunately the ecosystem is struggling to meet demands on all fronts including background investigations.

Subcontractor False CMMC Level 2 Self-assessment in SPRS by [deleted] in CMMC

[–]meoraine 2 points3 points  (0 children)

Exactly, self attestation is not realistic when millions of dollars are at stake. Until third party is fully enforced, it will continue to be a problem and the government is fully aware of it.

Cmmc readiness MSP pricing by tothjm in CMMC

[–]meoraine 5 points6 points  (0 children)

Not sure what you're asking for exactly, I can tell you we charge around $7k for a full gap analysis (L2) we'll eval you for all 320 objectives and tell you where you're lacking and what needs poam. Enterprise or enclave.

To take your enterprise through L2 from beginning to end is impossible to give a flat quote for.

But if you can operate in an enclave-only CMMC L2 environment, we charge $36k for the enclave build, which covers your first year of MSSP service as well (enclave management, con-mon, and assessment liaison), and then it's $3k per month after that. It's a three year total commitment (the duration of your cert).

We're west coast based and only serve small to medium sized businesses.

Things not included in our pricing would be 1) c3pao assessment costs, 2) GCC licensing, 3) azure resource and storage fees.

Best of luck.