Introduction Earlier in this blog series, we discussed the importance of system audit logs and the regular review of those logs, and system alerts for events that lead to a failure in the audit logging process. In this blog, we will look at what happens when...
Update on Rulemaking From an article published by Sara Friedman[1] of Inside Cybersecurity, the DoD now expects to release interim rules two months earlier than expected — in March 2023 — and include CMMC requirements in contracts by May 2023, after the...
Introduction Identification and Authentication is often the front-line defense of system security and is used to protect the system from unauthorized access. Identifiers Control3.5.1Identify system users, processes acting on behalf of users, and...
Introduction Red Hat defines Configuration Management as “a process for maintaining computer systems, servers, and software in a desired, consistent state”. [1] In other words, a company will have a complete catalog of its systems’ original configurations,...
Introduction Audit trails maintain a record of system activity, and provide the ability to establish individual accountability, detect system anomalies, and reconstruct system events using key records. A robust Audit and Accountability program includes system...
Introduction Don’t be fooled by the “easy” look of the three controls in the Awareness and Training family of NIST SP 800-171, which are requirements in CMMC 2.0. A training and awareness program takes a significant amount of time to plan and create, and...