CMMC Mini-Learning Series
BLOG POSTS
Ongoing Cyber Monitoring
Ongoing monitoring is an important piece of any organization’s cybersecurity and cyber compliance investments. The SolarWinds hack was discovered, partly because of ongoing monitoring; someone noticed that a user account signed in with an unusual/different device.
Azure Scripting - Tools & Use-cases
Azure Cloud Shell, Azure CLI, Azure PowerShell, and Azure Bash refer to the available options for remotely managing Azure resources.
Cybersecurity ≠ Regulatory Cyber Compliance
Cybersecurity and regulatory cyber compliance are different and complementary. Cybersecurity is the art and practice of protecting systems and ensuring confidentiality, integrity, and availability of information. Regulatory cyber compliance refers to meeting the assessment objectives of specific cyber frameworks or standards.
CMMC 2.0 - Delta 20 Practices
While CMMC 2.0 eliminates the 20 additional practices that were part of CMMC 1.0 (aka the Delta 20 practices), it is important that OSCs realize that some of the Delta 20 practices are already part of the 110 practices of NIST SP 800-171.
CMMC 2.0 - NFO Controls
“NFO” Controls: Important Distinction for Organizations Seeking Certification (OSC)
There is a little-known aspect of NIST SP 800-171 known as "NFO" controls. "NFO" controls are found in Appendix E of the NIST SP 800-171 documentation. "NFO" is one of the tailoring criteria used in deriving CUI controls/practices from NIST SP 800-53 for NIST SP 800-171, and it refers to practices that are "expected to be routinely satisfied by nonfederal organizations without specification". So, it is assumed and expected that OSCs are implementing these "NFO" controls. The challenge is that many OSCs are not aware of the "NFO" controls and are not implementing them.
Data Spillage Playbook 2
Do you have a plan on how to permanently delete sensitive data accidentally delivered to your organization through email? If you do not, buckle up and read on.
Data Spillage Playbook Part 1
Do you have a plan on how to permanently delete sensitive data accidentally delivered to your organization through email? If you do not, buckle up, read on and you are welcome!
Another Significant Microsoft Update for CMMC ... Vulnerability Management
Microsoft now has an answer for Vulnerability Management using Microsoft Defender for Endpoint.
CMMC L3-IA.3.083
CMMC – Level 3 - IA.3.083 - “Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.”
Microsoft Product Placemat for CMMC
The Microsoft Product Placemat for CMMC is an interactive view representing how Microsoft cloud products and services satisfy requirements for CMMC practices.
M365 CMMC Assessment Templates Now Available
July 2021 Update: Compliance Manager premium assessment templates will no longer require a Microsoft 365 E5 or Office 365 E5 license as a prerequisite.
January 2021 Update: “The Compliance Manager is now available in all Microsoft 365 cloud offerings, including GCC and GCC High!”
Is GCC High Required for CUI?
As of the time of this article, if the following affects your organization:
Moving to GCC High
Microsoft provides multiple Microsoft 365 Government offerings to address the compliance requirements of various US government agencies and of contractors sponsored to hold Controlled Unclassified Information (CUI).
How To Setup a Hybrid AD When Users Already Exist in M365
Setting up a New On-Premises Active Directory (AD) when Office 365 Users Already Exist, and Syncing Both
Plan, Communication & Process Notes: