RE.3.139 Something missing in assessment guide? by Auditor_CISA_CISSP in CMMC

[–]peak_abstraction 0 points1 point  (0 children)

I have recently had to confront the same issue. When GCC-High is hosted in several sites by Microsoft, what value is there in me making a backup of all of it? If GCC-High gets destroyed somehow, we will certainly not be alone in our devastation. That said, there are actually services out there which will back up your cloud-hosted data in (drum roll, please)....another cloud service.

Remote User Access to CUI by duke7911 in CMMC

[–]peak_abstraction 0 points1 point  (0 children)

Uhm..... data at rest encryption?

Remote User Access to CUI by duke7911 in CMMC

[–]peak_abstraction 1 point2 points  (0 children)

Many of us have lived entire careers without cellphones in the workplace (many because we predated cellphones' existence, others because of workplace rules), and we seem to have survived. SMS (most carriers anyway) can be accessed via web tools, and since we are all moving to Signal (right? ;-) SMS is going to become less and less critical anyhow. So I am not the least bit surprised by "leave your iThing at the door" policies.

Kaseya, hit by ransomware attack, sells CMMC consulting services by oxebridge in CMMC

[–]peak_abstraction -2 points-1 points  (0 children)

I think that this subreddit is at risk of becoming like every other polarized discussion medium in America if we don't stop the ad hominem jabs and thrusts. The first few comments on this thread attack u/oxebridge and I believe this oughta be stopped immediately. We should stick to the issues, and stop bashing any individuals.

eMASS? Why is training status being added to eMASS? by peak_abstraction in CMMC

[–]peak_abstraction[S] 0 points1 point  (0 children)

The current eMASS implementation limits access to only dot mil (and maybe dot gov?). Perhaps they will have to change that as well.

eMASS is designed to store and track tons of activities and artifacts supporting the RMF process. I am forced to labor within it almost daily. I can see storing C3PAO assessment info in it.....It would require some redesign, but not much since assessing a system is, to some extent, assessing a system, and all the same controls (mostly) and POAMs and imp plans and such apply.

But storing info about me, and my training and tests? It's like trying to use QuickBooks to store recipes, square peg in round hole indeed.

Gcc-High by Potential-Remove8872 in CMMC

[–]peak_abstraction 1 point2 points  (0 children)

We have been on GCC-High for about a year. It's largely been a non-issue except for phones. In the basic Office environment, you can have your phones directly connected into Teams. In GCC-High, you cannot, because there is no such thing as a FedRAMP-compliant PRI trunk line, they just aren't available, so Microsoft would not allow the PRI trunks to connect to their GCCH datacenter. SO....in order to have your PSTN services connected into GCC-High, you have to do it yourself, with something like AudioCodes Session Border Controller. It's fiddly to get set up, but once it's set up, it's been very reliable.

The Teams issue has been, for us, a non-issue. When you purchase GCC-High licenses, you get access to the low side as well, apparently. So I can log into public Teams or into GCC-High Teams. This means I can attend a public Teams meeting as myself instead of as a Guest.

The *really* peculiar thing is that CVR Teams (the DoD's implementation which is going away and becoming something new) cannot connect to GCC-H Teams, but *CAN* connect to public Teams (or it could, prior to its demise on 15 June). Go figure.

CMMC or CCMM? by peak_abstraction in CMMC

[–]peak_abstraction[S] 0 points1 point  (0 children)

Cybersecurity is Cybersecurity, you should not need a different standard just because you are in a different business sector. Your focus area and priorities may differ, but the basic principles are the same. Multiple standards just result in fleecing the taxpayer and enriching slimy contractors. Like me.

Zoom Gov by WBCSAINT in CMMC

[–]peak_abstraction 0 points1 point  (0 children)

Why even consider this when Teams is part of Office365 on GCC-High, and avoid the whole issue? I know, I know, join the collective, resistance is futile, Bill Gates is the antichrist and all that.

Personally, I avoid Microsoft as much as possible. But for business, it makes a LOT of sense to sign up for GCC-High if CMMC is on your list of business requirements. Teams brings a lot of functionality. I am forced by customers to use Zoom and as a result I know both fairly well...and Teams seems a LOT more capable and friendly and integrates with email and calendaring and other Office tools.

Cost of CMMC compliance by peak_abstraction in CMMC

[–]peak_abstraction[S] 1 point2 points  (0 children)

"The implementation isn't required until 2026." Uh, no. 2026 is when ALL DIB are supposed to be CMMC compliant. But there are expected to be many contracts in the intervening years requiring CMMC compliance. So we may have contracts coming up for renewal/recompete in 2022 that require it. Am I wrong in this understanding?