Let’s talk about practice 3.3.3 – Review and update logged events. [a] Determine if a process for determining when to review logged events is defined. [b] Determine if event types being logged are reviewed in accordance with the defined review process. [c] Determine if event types being logged are updated based on the review. ...
Author: Jillian Wright
Automation: Comparing Account Inventory to Active Directory Accounts
This is the first time I have shared something like this. I’ve actually created a ton of Python scripts to automate things that need to be done at a certain frequency. It just speeds up the process. If you like this kind of info, let me know in the comments and I will share more....
Microsoft Defender vs. Mobile Code
How Defender blocks mobile code. CMMC Practice SC L2 3.13.13 - Configure attack surface reduction, set up WDAC, set up real-time protection.
Security Protection Assets and Security Protection Data in CMMC
What Are Security Protection Assets (SPAs)? SPAs are the tools, systems, and personnel that provide security functions or capabilities within the CMMC assessment scope of an Organization Seeking Certification (OSC). They protect CUI assets and the broader infrastructure that supports them. A Few Examples of SPAs: Firewalls: Devices or software that regulate network traffic, blocking...
CMMC Practice 3.4.7 – Ports, Protocols, Programs, Functions, and Services
TL;DR: Simplifying Essential Features for Compliance The Goal: Restrict and disable nonessential programs, ports, protocols, functions, and services to reduce your system’s attack surface and improve security. Challenges: Documentation—not implementation—is where most companies fall short. You must define “essential” clearly and apply it consistently. What to Do: • Inventory: Identify everything running on your systems....
CMMC Level 2 Self-Assessment or Assessment by a CMMC Third Party Assessment Organization?
Given the choice, most companies would choose a self-assessment over a third party assessment. Isn’t that what CMMC was trying to get away from? The decision of whether a company can self-assess for a Level 2 assessment or if a contract requires a third-party C3PAO assessment is determined by the specific requirements stated in the...
The CMMC Rule and Plans of Action & Milestones (POA&M)
One of the things that I wanted to see in the CMMC Rule was more clarity on utilizing Plans of Action and Milestones (POA&M) for companies that do not fully meet all 110 requirements during their assessment. I’m continuing to dive into the CMMC rule…it’s freaking long. Here is what it says about POA&Ms, the...
The CMMC Rule is FINAL!
Woooohoooo, the long-awaited CMMC Rule will be published in the Federal Register on October 15, 2024. The Wrightbrained team has spent some time looking at the document. Clarifications are a big theme. Everyone in the CMMC ecosystem had a lot of questions and there were several that stood out as the most common. I...
FIPS 140-2 and CMMC Compliance
What is FIPS 140-2? Federal Information Processing Standards Publication 140-2 is a standard for the cryptographic modules used in software and hardware to protect sensitive data. The key difference between FIPS-validated modules and others is the rigorous testing and verification process they undergo. This process can take years, ensuring these modules meet strict security protocols....
The CrowdStrike Outage: Risk Assessments & Single Points of Failure
On July 19, 2024, what should have been a routine update meant to improve CrowdStrike’s Falcon Sensor software ended up causing chaos. Instead of enhancing the endpoint detection and response system, the update resulted in Windows computers crashing spectacularly, displaying the dreaded “Blue Screen of Death.” This caused disruptions across the globe and across industries...