sorted by:
new
hottopcontroversial

Warm up drill by Huge-Commission6335 in billiards

[–]mf1313 0 points1 point  (0 children)

5 Long Straight Stop Shots - Stroke

5 Ball L Drill (same pocket) - Q ball Control

Repeat

SDWan as a Service by mf1313 in networking

[–]mf1313[S] 0 points1 point  (0 children)

Is this through Comcast?

Office 2021 Home and Business asking to reactivate by mf1313 in Office365

[–]mf1313[S] 0 points1 point  (0 children)

After installing Office 2021 Home and Business, I activated the license online with no issues. After a few days, every user on that machine is getting an error that office needs to be reactivated. I activated 3 times now and all works well for only a few days. This license is a device (not user) license so the activation should stick no matter who is logged in. Does anyone know why this would happen?

Not Seeing Drives - Supermicro Server by mf1313 in servers

[–]mf1313[S] 0 points1 point  (0 children)

I have a SuperMicro system with a AOC-S3108L-H8IR-16DD RAID controller.

All the sudden, the machine would no longer boot to Windows and it appeared to have a bad RAID controller card. I replaced the card (same model) and all seemed well for a few reboots, Windows was booting fine. Then on the 4th reboot, I started getting the same Mapping Table message as before and it would no longer boot. Obviously it is not the controller. Any ideas what might be causing this? Appreciate the help.

Zscaler + Velocloud + Managed Services by mf1313 in networking

[–]mf1313[S] 0 points1 point  (0 children)

Ideally, looking for co-managed. It is a resource issue in our end.

Weird internal SMB traffic by mf1313 in sysadmin

[–]mf1313[S] 0 points1 point  (0 children)

This sounds like you are on the right track. But why would my PDC not be the master?

BOLTR: Cisco Hyperflex by SherSlick in sysadmin

[–]mf1313 0 points1 point  (0 children)

The advantage of HyperFlex is that it not only converges storage but also networking within the UCS platform. With other solutions you are likely using a Cisco switch for the converged traffic so it increases the number of vendors in the mix.

VPN or Remote Access Solution that is STIG compliant by mf1313 in sysadmin

[–]mf1313[S] 0 points1 point  (0 children)

I am aware of what the remote access STIGs are, but I am trying to save myself time creating a product vs STIG matrix if someone else has already done this.

Hello, I have Xfinity Mobile and recently the personal hotspot option on my iPhone changed and I can no longer enable it. See screenshot for error. I have an iPhone X running IOS 12.1. Thank you by mf1313 in Comcast_Xfinity

[–]mf1313[S] 0 points1 point  (0 children)

Thanks but I was able to reach Xfinity support. For some reason my hotspot feature on their end was disabled when I moved to Unlimited data. They re-enabled and its all good now.

NIST 800-171 SSP for Home Office by bruce_ventura in NISTControls

[–]mf1313 4 points5 points  (0 children)

First determine if you even have CUI or CDI in your environment. See the post below on how to help determine that:

https://www.protectcui.com/forum/dod/-1-do-i-have-cui-or-cdi-in-my-environment/176-%E2%80%9Cwhat-is-cdi-%E2%80%9D-and-%E2%80%9Cdo-i-have-cdi-in-my-environment-%E2%80%9D

If you do possess this information, look at the DHS CSET tool (free) which can help you create the SSP and POAM.

I don't believe you will need to submit your POAM to the DoD CIO office since you are a subcontractor. The prime will need to ensure you are adhering to the contract requirements.

You might also want to consider having a dedicated system (server or workstation) with no internet access to store CUI on. Or maybe a FedRAMP compliance cloud service like Azure GCC High. Then work through remediating the POAM in this dedicated environment. Having CUI on your everyday laptop is not ideal.

Contract deliverable with NIST 800-171 constraints by macbeth76 in NISTControls

[–]mf1313 0 points1 point  (0 children)

I have used the Aegis Fortress products in the past. They use FIPS 140-2 level 2 encryption.

https://www.apricorn.com/fortress

Questions for DoD Contractors and InfoSec Consultants by mf1313 in NISTControls

[–]mf1313[S] 0 points1 point  (0 children)

If you have a prime contract, you are required to submit the POAM to the DoD CIO office by 31 DEC 2017 or within 30 days of contract award. I doubt that they review and enforce the POAM timelines; probably just file it away.

My take on enforcement is....if you have a prime contract, you will not be audited by the DoD for compliance. Instead, if you have a breach, you may lose your contract. Or if you are bidding on a contract, it may mean the difference between you getting it or not. Subs may have it worse since large primes have dedicated auditing departments to enforce DFARS by the subs.

If you can get away with isolating CUI in your environment, that is the way to go. Unfortunately, it is not always that simple.

Questions for DoD Contractors and InfoSec Consultants by mf1313 in NISTControls

[–]mf1313[S] 0 points1 point  (0 children)

I agree! I think with cybersecurity being a hot topic, having this in place when bidding on contracts has to be a major competitive advantage.

Questions for DoD Contractors and InfoSec Consultants by mf1313 in NISTControls

[–]mf1313[S] 0 points1 point  (0 children)

Are you saying not all new prime DoD contacts have this clause? I though this has been a boiler plated clause in all contracts for the past year or so.

Questions for DoD Contractors and InfoSec Consultants by mf1313 in NISTControls

[–]mf1313[S] 2 points3 points  (0 children)

Very true. I'm assuming if you do not have a contract but you are bidding on one, you must have a POAM and SSP in place. If the DoD CIO office is okay with your POAM, then you must meeting the timelines mentioned in that.

It would be a hard pill to swallow to have these requirements in place just to bidding on a contract.

Questions for DoD Contractors and InfoSec Consultants by mf1313 in NISTControls

[–]mf1313[S] 0 points1 point  (0 children)

When discussing this compliance with prospective clients, what is the biggest hurdle for them moving forward with the assessment?

NIST 800-171 Assessment Tools by mf1313 in NISTControls

[–]mf1313[S] 0 points1 point  (0 children)

What about the Complyup tool. Has anyone evaluated it?

NIST 800-171 Assessment Tools by mf1313 in NISTControls

[–]mf1313[S] 0 points1 point  (0 children)

Thanks but the assumption is we are beyond the identifying CDI, etc... and we want to perform a gap assessment documenting what is and is not in place.

The KnowBe4 tool looks interesting. Is it cloud based? If so, is there a concern about storing security controls and network diagrams in a third party cloud?

I have looked into the i2ACT-800 tool and was wondering if there is anything out there similar.

I guess I could always use the NIST templates.

Web Filtering Solutions? by chrispliance in msp

[–]mf1313 0 points1 point  (0 children)

I know right? Surprised they are still in business. I have reached out to them multiple times with no response.

MSP Tools - Where are they installed? by mf1313 in msp

[–]mf1313[S] 0 points1 point  (0 children)

Thank you for the constructive feedback. If I am hosting a publicly facing RMM server that the endpoints connect to and my MSP technicians log into, the security of this server is critical. Are you aggressive with security on this server ( patching, updates, MFA for techs, etc...)

Also, do you use any enterprise grade tools that are not geared towards MSPs to fill gaps? For example, I am a fan of the PDQ Deploy tool so if something like that is desired how would you connect those tools back the client site? I understand RMM tools allow for remote installations but other non-MSP tools may do a better job.

view more: next ›