Ask the CCP: SCOPE AND BOUNDARIES - CLOUD & MSSP

So, I am counting the days until (around) October 28th:
• 56 is the approximate number of work days . . . . . . until sometime in late October, when CMMC version 2 will (might) become effective.

THIS JUST IN - the CyberAB projected that the effectiveness of CMMC version 2 might not occur until maybe March of 2025. I posted a 1-off in yesterday's installment (T.A.R.D.I.S).

1. TO LEAD with yesterday's topic, which is boundaries, I will preface today's discussion (noted above) with commentary about how to represent your boundaries. Historically there has always been a balance in security diagrams that the IT staff seems to not always grasp. Meaning that I have seen some truly awful data flow diagrams and boundary diagrams as an assessor for the last couple of decades. And already out there we go.

So my prescription for all the OSCs is to get your CMMC certification boundary and assessment boundary well defined early. The certification boundary coincides with your list of CMMC assets against other types of assets. Likewise, your CMMC assessment boundary shows what is going to be assessed; there are demonstrative diagrams available as examples. As I am quite adept at creating these, DM me if you need assistance with creating Data Flow Diagrams as well as Boundary Diagrams and Assessment Diagrams. These are critical to get correct for your CMMC evaluation.

2. This installment goes deeper, addressing cloud tenants and Managed IT/Security Services (MSSP). It is stated in the CMMC V2 rule that Cloud Service Providers (CSP) are not part of the CMMC boundary – only the Organization Seeking Certification (OSC) tenant is to be a CMMC Asset. However, MSSPs hosting IT and Security Assets for the OSC are within the CMMC Boundary and Scope. This is based on there being no separation between the organizations, meaning that CMMC assumes the MSSP has insight into the OSC's information. Therefore MSSPs must be concurrently certified to the same level as the OSC they are supporting. However, DoD is not yet permitting MSSPs to enter the CMMC Certification process. Advice to MSSPs is therefore: be prepared for complete CMMC compliance immediately.

#CMMCv2 #boundary #assessment #dfd

I Prepare and Evaluate Organizational Readiness for CMMCv2. So if you have any questions. . . . Since I am both a CCP and a Certified Instructor, I am a CUI expert. Or at least I know where to find the specifications and details 🤔 Tap Me/DM here on LinkedIn or email
Brett Osborne’s Post
More Relevant Posts
-
Cloud Service Providers - Are you up to speed with the latest developments from the GSA? The transition to their systems now requires CSPs to submit all FedRAMP artifacts in NIST's OSCAL machine-readable format. Managing System Security Plans (SSPs) in both OSCAL and traditional Word formats might seem like a daunting task. However, we are fully equipped to guide you through the process seamlessly. At c1Secure, we recognize the complexity involved in adhering to the FedRAMP PMO's recent mandate. That's why we've engineered a groundbreaking solution to simplify your SSP management: introducing the C1Secure SSP OSCAL Management Console and Templatizer.
· Automatic Conversion to Word - Seamlessly convert OSCAL code into compliant Word documents.
· User-Friendly Interface - Our intuitive interface ensures effortless deployment and operation.
· Time and Cost Efficiency - Bid farewell to manual conversions and reclaim thousands of hours in SSP maintenance.
· Assured Compliance - Our outputs strictly adhere to the latest FedRAMP compliance requirements and OSCAL schemas.
Streamline your SSP management process and maintain compliance with confidence. Contact Maggie Davis to schedule a demo today! #csp #fedramp #compliance #nist #oscal #irm #secops #c1secure #cmmc #cisosentinel #grc #poam
-
I feel like I have exhausted the SSP phase of my work. It is admittedly a very major part of the Federal IT space. In addition to the SSP, the plan of action and milestones (POA&M) is another large part, but that's not what I'm going to get into today. The other document that can trigger meetings and memos is the information system contingency plan (ISCP). At its core, the ISCP is how to turn the system/application back on. In the government, they couch it in different language and use acronyms like recovery time objective (RTO) and recovery point objective (RPO). Since I used them, I'll define them.
RPO - the maximum amount of acceptable data loss for an organization.
RTO - the maximum amount of acceptable time to recover.
The ISCP is actually very important. It determines who gets called/emailed/texted/etc. to let them know that the ISCP is being activated. It lets those individuals know what the most critical parts are that need to be activated first. If an application has high availability, then downtime must be minimized, and those components that need to be back up first are brought back up first or failed over to an alternate location. The ISCP can get complicated if a component has a portfolio of applications. Then detailed recovery instructions for the portfolio must be included. I intended to mention that with the increased usage of cloud environments, a lot of the responsibility has shifted in a sense to the cloud service providers (CSP). You can't recover an application until the cloud and the attendant services are recovered or failed over. I may delve deeper into the ISCP. For now, this is an intro of sorts. #iscp
-
Exciting news for MSPs! Netwrix 1Secure just got even better, empowering you to deliver enhanced security and compliance to your clients. Here's a quick rundown of the latest features:
- Automated Third-Party Risk Management: Streamline vendor risk assessments with automated workflows and pre-built questionnaires.
- Continuous User Activity Monitoring: Gain granular visibility into user behavior across all endpoints, detecting suspicious activities in real time.
- Expanded Cloud Security Posture Management (CSPM): Strengthen your clients' cloud security with comprehensive monitoring and threat detection for Microsoft 365, Google Workspace, and AWS.
Plus, all the benefits you already love:
- Centralized Security Management: Simplify security operations with a unified platform for all your clients.
- Compliance Made Easy: Ensure your clients meet industry regulations with pre-built reports and automated workflows.
- Scalability for Growth: Seamlessly add new clients without compromising performance.
Ready to learn more? Register below for the Netwrix webinar: What's New in Netwrix 1Secure for MSPs? #Netwrix #MSP #Security #Compliance #CloudSecurity P.S. Share your thoughts in the comments below! What are your biggest security concerns as an MSP?
-
🚀 Revolutionizing Cloud Compliance: ISO 27001 Meets the Future of Cloud-Native Security 🔐 The cloud-native world is transforming the game, but is your security ready for the challenge? 🌩️ From multi-cloud governance to containerized chaos, discover how to master ISO 27001 compliance in the era of dynamic, distributed systems in Sustainable Futures Trainings' latest blog. 💡 Unlock secrets to:
🔥 Conquer the multi-cloud maze with unified governance.
🛡️ Fortify container security like never before.
💼 Bridge the gap between shared responsibility models and your security framework.
Ready to elevate your cloud security game? This is ISO 27001, redefined for the cloud. 🌐 Dive into the blog now: https://lnkd.in/gwtqzZid 📞 +91 9056742783 ✉️ [email protected] 🌐 https://lnkd.in/gZd_AFTU . . . #ISO27001 #CloudNativeSecurity #CloudCompliance #CyberSecurity #DataProtection #CloudGovernance #ContainerSecurity #SharedResponsibility #MultiCloud #ISMS #InformationSecurity #TechCompliance #KubernetesSecurity #CloudSecurity #CyberResilience #DigitalTransformation #CloudAudit #SecurityInTheCloud #ComplianceInTech #CloudArchitecture #RiskManagement #InfoSec #VulnerabilityManagement #InfrastructureAsCode #SecurityBestPractices #CloudSecurityAudit #ISO27001Compliance #CloudSecurityBestPractices #CyberSecurityAwareness #DataSecurityMatters #ComplianceAutomation #CloudSecuritySolutions #RiskMitigation #SecOps #ZeroTrustSecurity #CyberCompliance #CloudArchitectureDesign #CloudInfrastructure #DevSecOps #CloudTransformation #ComplianceFirst #PrivacyByDesign #SecureCloud #CyberRiskManagement #DataProtectionStrategy #TechInnovation #FutureOfCloud #SecurityOperations #InfoSecCommunity #SecureDevOps #CloudComplianceExperts #DigitalSecurity ISO - International Organization for Standardization Exemplar Global, Inc. iNARTE Ethical Trading Initiative Association of Professional Social Compliance Auditors Inc. (APSCA)
ISO 27001 Compliance in Cloud-Native Environments
https://www.sftrainings.org
-
ISC2 validation is much faster on your second certification.
Certified Cloud Security Professional (CCSP) was issued by ISC2 to SCOTT Nalua Kahapea SPENCER.
credly.com
-
At Blue Hill, we are experts in managing VSE systems based on your business needs. Whether you're looking to keep your system running smoothly "as is", or you're ready to upgrade to the latest VSE 6.3n to stay compliant and take advantage of new features, we've successfully done it all.
Our VSE Management Services Include:
- Maintain "As Is": We ensure your current VSE system runs efficiently, with 24/7 monitoring from our secure data centers, freeing up your internal resources.
- Upgrades to VSE 6.3n: With multiple successful upgrades to VSE 6.3n already completed, we help businesses modernize their VSE environments. Enjoy enhanced performance, improved security features, and seamless cloud integration.
- Compliance & Security: Whether you maintain your legacy system or upgrade to VSE 6.3n, we ensure full compliance with industry standards and evolving security regulations.
- Seamless Transition: Our experience with VSE 6.3n upgrades ensures a smooth transition with minimal disruption to your business, so you can quickly benefit from the latest features like enhanced encryption and faster processing.
Why Trust Us?
- Proven Expertise: With over 30 years of experience managing and upgrading VSE systems, our team has completed numerous successful VSE 6.3n upgrades, positioning our clients for future growth.
- Flexibility: We provide management tailored to your needs, whether keeping your system as it is or upgrading to the newest version.
- Compliance-Ready: Stay ahead of security and regulatory requirements with our proactive approach to updates and compliance checks.
Let us manage your VSE system while you focus on innovation and growth. Whether maintaining your current setup or upgrading to VSE 6.3n, we ensure your systems perform at their best. Connect with us today to learn how we can support your VSE system management. Visit us at www.BlueHillData.com #VSE #VSE63 #MainframeManagement #Compliance #ITServices #SystemUpgrade #DataCenterSolutions
-
Get a comprehensive look at the #CSPM capabilities of CloudGuard CNAPP. We walk through creating a policy, running a policy assessment, operationalizing the data, and more. Learn more: https://lnkd.in/gCiQanTX #CSPM
Cloud Security Posture Management with Check Point CloudGuard
https://www.youtube.com/
-
🚀 Revolutionizing Cloud Compliance: ISO 27001 Meets the Future of Cloud-Native Security 🔐 The cloud-native world is transforming the game, but is your security ready for the challenge? 🌩️ From multi-cloud governance to containerized chaos, discover how to master ISO 27001 compliance in the era of dynamic, distributed systems in our latest blog. 💡 Unlock secrets to:
🔥 Conquer the multi-cloud maze with unified governance.
🛡️ Fortify container security like never before.
💼 Bridge the gap between shared responsibility models and your security framework.
Ready to elevate your cloud security game? This is ISO 27001, redefined for the cloud. 🌐 Dive into the blog now: https://lnkd.in/giEj4CTY 📞 +91 9056742783 ✉️ [email protected] 🌐 https://lnkd.in/gw4rt-A3 . . . #ISO27001 #CloudNativeSecurity #CloudCompliance #CyberSecurity #DataProtection #CloudGovernance #ContainerSecurity #SharedResponsibility #MultiCloud #ISMS #InformationSecurity #TechCompliance #KubernetesSecurity #CloudSecurity #CyberResilience #DigitalTransformation #CloudAudit #SecurityInTheCloud #ComplianceInTech #CloudArchitecture #RiskManagement #InfoSec #VulnerabilityManagement #InfrastructureAsCode #SecurityBestPractices #CloudSecurityAudit #ISO27001Compliance #CloudSecurityBestPractices #CyberSecurityAwareness #DataSecurityMatters #ComplianceAutomation #CloudSecuritySolutions #RiskMitigation #SecOps #ZeroTrustSecurity #CyberCompliance #CloudArchitectureDesign #CloudInfrastructure #DevSecOps #CloudTransformation #ComplianceFirst #PrivacyByDesign #SecureCloud #CyberRiskManagement #DataProtectionStrategy #TechInnovation #FutureOfCloud #SecurityOperations #InfoSecCommunity #SecureDevOps #CloudComplianceExperts #DigitalSecurity Col Sukhpal Khetarpal ISO - International Organization for Standardization Exemplar Global, Inc. iNARTE Ethical Trading Initiative Association of Professional Social Compliance Auditors Inc. (APSCA)
ISO 27001 Compliance in Cloud-Native Environments
https://www.sftrainings.org
-
Join us for an information session on IBM i Series and how you can provide DR services to your critical business assets.
On March 13 I have the pleasure and privilege to be a speaker at the "Securing your IBM i future" webinar organized by Ekco. Join us for an exclusive webinar as we explore the power of Maxava's DRaaS (Disaster Recovery as a Service) and Ekco's managed services expertise to build a robust and future-proof DR strategy on IBM Power Virtual Server. Besides me, Ash Giddings from Maxava and Mark Donnellan from Ekco will also be presenting. Registration and more information via this link: https://lnkd.in/ez7M_25q Teresa Colombo Val T. Besong Simon Porstendorfer Kirsten Savage Lyons #power #ibmi #cloud #dr #ha
Webinar: Securing your IBM i future
https://www.ek.co
-
This @ThalesCloudSec white paper examines the urgent need for robust #secrets management solutions. It provides a detailed overview of the secrets management challenge, from risks to requirements. Guidance is provided on planning, evaluating, and selecting a secrets management system aligned to organization needs. Download this resource here: https://lnkd.in/dkTuv894
How to Choose a Secrets Management Solution
acceleratecampaigns.thalesgroup.com