News and Articles in the realm of Security Compliance and Vulnerability Assessment.
Hello Folks, I have a good understanding of the NIST 800-171 Rev 2 implementation, but I'm not sure about other aspects such as auditing, scoping assessments, and writing the System Security Plan (SSP). Could you recommend some good books or resources to help me learn everything about CMMC?
Please note that our company is a small business.
I'm working IT for a smallish engineering firm, and I've been trying to get the ball rolling on getting us set up for compliance. The company is about 80 people right now but it seems like we keep growing. Currently, maybe 10 people do government work. Currently we're on commercial Business 365, and working on at least being Level 1, but with the goal to eventually try to prep for Level 2.
A thought I had, to possibly save a little money, is to create a GCC tenant for the sole purpose of doing Federal work, along with devices that are only used with those accounts and the corresponding work.. Since the number of people actually participating in it is so small, maybe it would work? I'm not sure if the controls are intended to be company wide, or just for those who work with CUI. Otherwise, we should probably do a full migration to GCC? High shouldn't be necessary I think, as we don't work with ITAR or EAC
Any advice is welcome, thanks in advance!
Hello everyone,
I have just implemented the NIST 800 53 for my employer in Germany. In other words, I have written a large catalog of safety measures (>400 controls) based on NIST 800 -53.
We are now planning to inventory all IT systems and assign a subset of relevant safety measures to each IT system.
My problem is that I don't want to assign controls individually for a large number of IT systems and applications.
Hence my question:
Is there a methodology from NIST on how I assign controls from the NIST 800 - 53 to categories of IT systems or applications? For example, is there a template that certain Control Families are relevant for web servers?
Thanks in advance!
 | CCM Machine Readable Bundle (JSON/YAML/OSCAL) CSA provides in a machine-readable format the CCM Controls, CAIQ Security Questionnaire, Implementation Guidelines (both JSON/YAML and OSCAL) and Mappings... Request to download |
Im referring to something like this/Resources/BC%2013%20-%20Released%20Hardening%20MS%20Windows%20for%20NIST%20SP%20800-171%20Compliance%20%20CMTC%20%2028%20Sep%202021.pdf?ver=_DEhmi5P7R08rIZvlqDyzw%3D%3D), where they show all the Windows Group Policy Object settings that need to be changed in order to secure a Windows machine, or another similarly easy to understand resource, I find the STIG descriptions to be a bit ambiguous at times
