Information Security Resources

3.3.3, Review and update logged events

June 16th, 2024 | Categories: As the CMMC Churns, Understanding the Requirements

Did you know that NIST SP 800-171's 3.3.3, Review and Update Logged Events, is a commonly and THOROUGHLY misunderstood requirement? Let's be blunt: 3.3.3 has NOTHING to do with identifying potential events that indicate a compromise. If [...]

3.3.1, System Auditing

June 11th, 2024 | Categories: As the CMMC Churns, Understanding the Requirements

Organizations struggle with documenting NIST SP 800-171's 3.3.1, System Auditing, especially when they are using Commercial Off the Shelf (COTS) software or cloud services. Like all of the other As the CMMC Churns Understand the Requirements series, [...]

All of the Assessment Types

May 31st, 2024 | Categories: Greenhorn's Guide, Whitepapers

A PDF version of this "Greenhorn's Guide to All of the Assessment Types" can be downloaded here: https://peakinfosec.com/wp-content/uploads/2024/05/All-of-the-Assessment-Types.pdf A Conformity Assessment??? What is an assessment? If your organization is involved [...]

3.1.22, Publicly Accessible Content

May 30th, 2024 | Categories: As the CMMC Churns, Understanding the Requirements

Is your organization struggling with NIST SP 800-171's Security Requirement 3.1.22, Publicly Accessible Content? Did you know this is the one requirement that applies to normally out-of-scope components, while the remaining 109 apply to internal components? This As the CMMC [...]

Identifying Inactive Accounts via Sentinel

May 28th, 2024 | Categories: Understanding the Requirements, Whitepapers

WARNING: The following whitepaper on Identifying Inactive Accounts via an Azure Sentinel analytic and watchlist is provided as-is with no guarantees of accuracy nor sufficiency & adequacy to fulfill the assessment objectives for 3.5.6, "Disable identifiers after a [...]

3.10.6 Alternate Work Sites

April 19th, 2024 | Categories: As the CMMC Churns, Understanding the Requirements

Is your organization struggling to understand how to approach the NIST SP 800-171 3.10.6 Security Requirement for Alternate Work Sites? What is allowed, and what may an assessor be looking for? In this CMMC Churns, we dive [...]

Requirements have Relationships

March 6th, 2024 | Categories: As the CMMC Churns

I’ll bet you didn’t know the Security Requirements in NIST SP 800-171 have relationships. We see people just jumping into NIST SP 800-171 compliance helping organizations and even CMMC Certified Assessors failing to understand how one requirement [...]

Approve, the Forgotten Verb

February 25th, 2024 | Categories: As the CMMC Churns, Understanding the Requirements

Did you know one of the most prolific failures for an organization's self-assessments and those seeking certification during a conformity assessment under Cybersecurity is their documentation? Approvals. For some crazy reason organizations think draft documentation, settings that [...]

32 CFR Part 170 Word Document

January 8th, 2024 | Categories: CMMC, Compliance, DFARS & NIST SP 800-171, Information Security, Whitepapers

Here is the MS Word version of the Draft 32 CFR Part 170, CMMC Program rule: PART_170—CYBERSECURITY_MATURITY MODEL_CERTIFICATION_PROGRAM

3.13.7 and Split Tunneling

June 22nd, 2023 | Categories: As the CMMC Churns, Understanding the Requirements

Are you trying to understand the 3.13.7 Split Tunneling Security Requirement in NIST SP 800-171 Rev 2 (and draft Rev 3)? Like all of the requirements, there are nuances in the actual Security Requirement, “Prevent remote [...]

Tips about FIPS Part 2

March 31st, 2023 | Categories: As the CMMC Churns, Understanding the Requirements

Has 3.13.11, the use of FIPS-validated encryption, sent your organization through the Seven Stages of CMMC Grief? Does the use of FIPS-validated encryption have you befuddled? Tips about FIPS Part 2 continues to address the most common DIBCAC [...]

Information Security Turnaround Specialists