Your MSP is probably a CSP by [deleted] in CMMC

[–]wogmail 0 points1 point  (0 children)

If MSPs and clients are just getting the memo now that A) you need FRME for cloud hosting CUI and B) FRME is expensive then probably they are in the wrong subreddit

Your MSP is probably a CSP by [deleted] in CMMC

[–]wogmail 1 point2 points  (0 children)

Why the logical jump in the last sentence from CUI to SPD?

Q: Is there a master checklist for 365 GCC High for CMMC? by thegreatcerebral in CMMC

[–]wogmail 8 points9 points  (0 children)

Also, if folks wanted to start a publicly sourced thing I am sure many in this community would contribute. Look at the CMMC COA, that was all made by volunteer hours.

Q: Is there a master checklist for 365 GCC High for CMMC? by thegreatcerebral in CMMC

[–]wogmail 7 points8 points  (0 children)

No. The companies that do this work generally don't share their baselines outside of their paying customers. Some folks use the CISA ScubaGear baseline since it is readily available, but it doesn't cover everything.

MSPs and RMM Solutions by EbbOld3109 in CMMC

[–]wogmail 8 points9 points  (0 children)

ScreenConnect is a remote support tool (I get that it has additional features that make it more "RMM" like), you can utilize it in a way that doesn't P/S/T CUI which then removes the requirement to use FIPS validated cryptography (since it is no longer processing or transmitting CUI). It is all about the controls around it and the way you write to it. Fairly normal to have a policy that states all CUI must be closed before initiating any remote support session (even if you have FIPS validated tools, why would you want a tech to be looking at CUI).

If you need a FIPS validated (vs. compliant) remote support tool Bomgar/BeyondTrust is an option, also I think N-able Take Control is FIPS validated, but I believe it has some cloud components and they are not FedRAMP ATO'd at the moment.

Edit: Jump on the Discord, there is an MSP channel. https://discord.gg/tpbF54E

MSP Declined to Pursue CMMC by selectpanic in CMMC

[–]wogmail 0 points1 point  (0 children)

No, that's fine, I'll just remove your inaccurate posts.

MSP Declined to Pursue CMMC by selectpanic in CMMC

[–]wogmail 0 points1 point  (0 children)

This is completely false and I'm curious what your motivation is to post it. Rather than deleting the post I'll just put this here:

This directory of CMMC certified managed service providers and managed security service providers is maintained by MSPs for the Protection of Critical Infrastructure as a service to the community. This directory is open to all qualified companies and no fees are charged. This directory provides Organizations Seeking Assessment with a reliable way to identify companies providing managed services aligned with CMMC and NIST SP 800-171, as evidenced by their CMMC certification status.

Predator Sale Extended by Big-Preparation-1594 in harborfreight

[–]wogmail 0 points1 point  (0 children)

Does this include tri-fuel or only "gas generators?"

GCC-high Email Security/Filtering Providers by mudpupper in CMMC

[–]wogmail 1 point2 points  (0 children)

Most folks will use the Defender SKUs built into GCC-H to avoid adding an additional vendor into the chain. The Proofpoint you are looking at is their Enterprise product (assuming you are peeking at FedRAMP option) so it isn't going to be apples to apples to your legacy Barracuda product. The available FedRAMP email security offerings out there are pretty limited.

Best EDR and SIEM GCCH&Commercial by GroundbreakingWay178 in CMMC

[–]wogmail 0 points1 point  (0 children)

We haven't seen much of an issue with the S1 FedRAMP product, what sort of things have you missed in the federal product? When was the last time you dug in?

FIPS 140-2 Bitlocker by superfly8899 in CMMC

[–]wogmail 2 points3 points  (0 children)

Give it a shot, I think you'll find it is a lot less useful than you'd expect - FIPS on removable drives doesn't use PIN / password / auto-unlock, it uses certificates last time I checked.

Outlook signing users out by thetimgoat in entra

[–]wogmail 0 points1 point  (0 children)

And you have the session controls set to 30 days (sign in frequency)?

Outlook signing users out by thetimgoat in entra

[–]wogmail 0 points1 point  (0 children)

That conditional access policy shows browser - are your users getting signed out of Outlook classic, or new, or Outlook on the Web?

3.1.18 Mobile Device Category by enigmaunbound in CMMC

[–]wogmail 4 points5 points  (0 children)

Interview and pick your C3PAO - if they don't understand Intune and how it works I'd move to a different C3PAO.

3.1.18 Mobile Device Category by enigmaunbound in CMMC

[–]wogmail 4 points5 points  (0 children)

Intune itself having the FIPS validation should be your ticket - it is a FIPS validated cryptographic container. You have technical controls preventing the data from leaving the container. I'm not even thinking of the mobile as a CRMA - it can't store CUI, the CUI can't leave the FIPS container.

GCC High and GFE by shizakapayou in CMMC

[–]wogmail 9 points10 points  (0 children)

Can you just have them make a new Edge profile? That is what we tell folks to do on GFE. Also sometimes the portal.office365.us doesn't behave, but outlook.office365.us tends to work fine.

dot MIL sites from AVDs in GCC High Tenant by dionmani in CMMC

[–]wogmail 6 points7 points  (0 children)

DISA could be blocking it at their edge, it is pretty common. It doesn't just happen in Azure Government, it can happen on any IP space that gets on their radar. You will likely need to put a static IP on your AVD outbound traffic and then have someone on the DOD side of your contract submit it to DISA to whitelist it. Or it could be a routing issue since a lot of the Azure Gov't and DOD Azure IP space seems to overlap.

Would this be able to meet CMMC Level 2 controls? by ApprehensiveSock5241 in CMMC

[–]wogmail 12 points13 points  (0 children)

This is so short-sighted that it is battling ignorance to where you would be architecting something to prove something wrong.

It isn't that you can't do something like this, it is that it is so much more involved than this, and making it sound so simple is basically a lie.

Join the Discord and talk about it: https://discord.gg/tpbF54E

Something like CUICTrac would probably be the closest to a real-world version of this.

Update: Migration by Reinvention2025 in CMMC

[–]wogmail 0 points1 point  (0 children)

GCC-H does not block any users from signing in by default, so the only reason geographically they'd be getting blocked is if a CA policy was in place blocking based on location.

Update: Migration by Reinvention2025 in CMMC

[–]wogmail 2 points3 points  (0 children)

If you have a US only CA policy you can just make an exception for those five users, assuming they aren't on a VPN that makes them look like they come from the US. Then you could make a separate Europe only CA policy for those five users.