-
Automation: Comparing Account Inventory to Active Directory Accounts
This is the first time I have shared something like this. I’ve actually created a ton of python scripts to automate things that need to be done at…
4 min read
-
Microsoft Defender vs. Mobile Code
How Defender blocks mobile code. CMMC Practice SC L2 3.13.13 – Configure attack surface reduction, setup WDAC, setup real-time protection.
4 min read
-
Security Protection Assets and Security Protection Data in CMMC
What Are Security Protection Assets (SPAs)? SPAs are the tools, systems, and personnel that provide security functions or capabilities within the CMMC assessment scope of an Organization Seeking…
4 min read
-
CMMC Practice 3.4.7 – Ports, Protocols, Programs Functions, and Services
TL;DR: Simplifying Essential Features for Compliance The Goal: Restrict and disable nonessential programs, ports, protocols, functions, and services to reduce your system’s attack surface and improve security. Challenges:…
4 min read
-
CMMC Level 2 Self-Assessment or Assessment by a CMMC Third Party Assessment Organization?
Given the choice, most companies would choose a self-assessment over a third party assessment. Isn’t that what CMMC was trying to get away from? The decision of whether…
4 min read
-
The CMMC Rule and Plans of Action & Milestones (POA&M)
One of the things that I wanted to see in the CMMC Rule was more clarity on utilizing Plans of Action and Milestones (POA&M) for companies that do…
4 min read
