-
CMMC Practice 3.4.7 – Ports, Protocols, Programs Functions, and Services
TL;DR: Simplifying Essential Features for Compliance The Goal: Restrict and disable nonessential programs, ports, protocols, functions, and services to reduce your system’s attack surface and improve security. Challenges:…
4 min read
-
CMMC Level 2 Self-Assessment or Assessment by a CMMC Third Party Assessment Organization?
Given the choice, most companies would choose a self-assessment over a third party assessment. Isn’t that what CMMC was trying to get away from? The decision of whether…
4 min read
-
The CMMC Rule and Plans of Action & Milestones (POA&M)
One of the things that I wanted to see in the CMMC Rule was more clarity on utilizing Plans of Action and Milestones (POA&M) for companies that do…
4 min read
-
The CMMC Rule is FINAL!
Woooohoooo, the long awaited CMMC Rule will be published on the Federal Register on October 15, 2024. The Wrightbrained team has spent some time looking at the document.…
4 min read
-
FIPS 140-2 and CMMC Compliance
What is FIPS 140-2? Federal Information Processing Standards Publication 140-2 is a standard for the cryptographic modules used in software and hardware to protect sensitive data. The key…
4 min read
-
The CrowdStrike Outage: Risk Assessments & Single Points of Failure
On July 19, 2024, what should have been a routine update meant to improve CrowdStrike’s Falcon Sensor software ended up causing chaos. Instead of enhancing the endpoint detection…
4 min read
