Let’s talk about practice 3.3.3. – Review and update logged events. [a] Determine if a process for determining when to review logged events is defined. [b] Determine if event types being logged are reviewed in accordance with the defined review process. [c] Determine if event types being logged are updated based on the review. ...
Category: NIST 800-171
Post
Microsoft Defender vs. Mobile Code
How Defender blocks mobile code. CMMC Practice SC L2 3.13.13 - Configure attack surface reduction, setup WDAC, setup real-time protection.
Post
CMMC Practice 3.4.7 – Ports, Protocols, Programs Functions, and Services
TL;DR: Simplifying Essential Features for Compliance The Goal: Restrict and disable nonessential programs, ports, protocols, functions, and services to reduce your system’s attack surface and improve security. Challenges: Documentation—not implementation—is where most companies fall short. You must define “essential” clearly and apply it consistently. What to Do: • Inventory: Identify everything running on your systems....
Post
Baseline Configurations: The First Step in Configuration Management
The Configuration Management (CM) domain in NIST SP 800-171 requires organizations to create and maintain baseline configurations and inventories for all their systems that includes hardware, software, firmware, and documentation. Think of baseline configurations like a snapshot, capturing the ideal system setup. Documenting a system’s desired state and practicing effective configuration and change management are crucial...