Introduction A System and Information Integrity program is critical for managing risks from system weaknesses, malicious code intrusion, and application errors. System Flaws and Security Alerts Control 3.14.1 Identify, report, and correct system flaws in a timely...
There’s not much new in the world of CMMC. Joint assessments with C3PAOs and DIBCAC continue, but we all await the final 2.0 rules, which are still expected in the Spring of 2023. In the meantime, don’t stop preparing! Continue working through your POAMs,...
Introduction Policies and procedures for System and Communications Protection should adhere to applicable Federal laws, Executive Orders, standards and guidance. This area focuses on the exchange of information within a system or a network. Monitor, Control,...
Introduction As rapidly changing technologies and vulnerabilities materialize daily, organizations must have a security plan of action and milestones documented. This plan of action and milestones or POAM should be proactively followed by an assessment of the controls...
Introduction A risk assessment is a process of determining how effectively systems meet specific security objectives. A proper risk assessment plan should answer the following fundamental questions: What is the scope of the assessment? Who is authorized to conduct the...
Introduction Many of the NIST controls deal with the logical aspect of access to organizational systems; however, without appropriate controls in place to protect the physical facilities and equipment, the compromise of information systems and CUI is at great risk....