User contributions for Marieramsay

3 November 2024

• 23:1323:13, 3 November 2024 diff hist +89‎ FAQ ‎No edit summary Tag: Visual edit
• 23:1123:11, 3 November 2024 diff hist +2,621‎ FAQ ‎No edit summary Tag: Visual edit
• 22:3622:36, 3 November 2024 diff hist +1,010‎ FAQ ‎No edit summary Tag: Visual edit

12 October 2024

• 23:5923:59, 12 October 2024 diff hist +28‎ Main Page ‎ →‎Main Wiki Pages current Tag: Visual edit
• 23:0023:00, 12 October 2024 diff hist +708‎ 32 CFR Part 170 Key Takeaways ‎ →‎Introduction Tag: Visual edit
• 22:4122:41, 12 October 2024 diff hist +3,445‎ 32 CFR Part 170 Key Takeaways ‎ →‎Security Protection Assets Tag: Visual edit

30 September 2024

• 17:2617:26, 30 September 2024 diff hist −8‎ Self-Assessment and Certification ‎No edit summary current
• 17:2517:25, 30 September 2024 diff hist −9‎ Self-Assessment and Certification ‎No edit summary
• 02:2202:22, 30 September 2024 diff hist −307‎ Self-Assessment and Certification ‎No edit summary
• 02:2102:21, 30 September 2024 diff hist +8,514‎ N CCP ‎ Created page with "A Certified CMMC Professional (CCP) is an entry-level certification within the Cybersecurity Maturity Model Certification (CMMC) ecosystem. Individuals who earn the CCP designation have the foundational knowledge of the CMMC framework and are equipped to assist organizations in understanding, preparing for, and achieving CMMC compliance. CCPs are often involved in helping defense contractors implement the necessary cybersecurity practices required to protect Controlled U..." current
• 02:1502:15, 30 September 2024 diff hist +7,574‎ N CCA ‎ Created page with "A Certified CMMC Assessor (CCA) is an individual who has been trained, certified, and authorized to conduct official Cybersecurity Maturity Model Certification (CMMC) assessments on behalf of a Certified Third-Party Assessment Organization (C3PAO). CCAs play a critical role in the CMMC ecosystem by evaluating defense contractors’ compliance with the CMMC framework to ensure they meet the required cybersecurity standards necessary to handle Controlled Unclassified Infor..." current
• 02:0902:09, 30 September 2024 diff hist +89‎ LTP ‎No edit summary current
• 02:0802:08, 30 September 2024 diff hist +6,571‎ N LTP ‎ Created page with "Licensed Training Providers (LTPs) in the Cybersecurity Maturity Model Certification (CMMC) ecosystem are organizations authorized by the Cyber-AB (CMMC Accreditation Body) to deliver official training programs for individuals seeking CMMC-related certifications. LTPs play a crucial role in ensuring that professionals working within the CMMC ecosystem—such as Certified CMMC Professionals (CCPs) and Certified CMMC Assessors (CCAs)—receive high-quality, standardized tr..."
• 02:0202:02, 30 September 2024 diff hist −1‎ Resources and Tools for Compliance ‎No edit summary current
• 02:0202:02, 30 September 2024 diff hist +7,462‎ N Resources and Tools for Compliance ‎ Created page with "To support organizations in achieving CMMC (Cybersecurity Maturity Model Certification) compliance, several resources and tools are available from government sources. These resources help organizations understand the requirements of the CMMC framework, assess their cybersecurity posture, and implement the necessary controls to protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). ==Here is a list of key government-provided tools and r..."
• 01:4301:43, 30 September 2024 diff hist +114‎ Training and Education ‎No edit summary current
• 01:4201:42, 30 September 2024 diff hist +9,577‎ N Training and Education ‎ Created page with "If someone is interested in consulting for CMMC (Cybersecurity Maturity Model Certification), it is important to have a solid understanding of the CMMC framework, the associated requirements, and the NIST 800-171 controls, which are at the core of CMMC. Additionally, training, certifications, and ongoing education are critical components to being a trusted and effective CMMC consultant. Below is a breakdown of the key areas of knowledge, education, and training required..."
• 01:3101:31, 30 September 2024 diff hist +9,040‎ N C3PAO ‎ Created page with "C3PAOs (Certified Third-Party Assessment Organizations) are critical entities within the Cybersecurity Maturity Model Certification (CMMC) ecosystem. These organizations are accredited by the Cyber-AB (Cybersecurity Maturity Model Certification Accreditation Body) to perform official CMMC assessments for companies that seek certification, especially those that handle Controlled Unclassified Information (CUI) as part of contracts with the Department of Defense (DoD). C3PA..." current
• 01:2401:24, 30 September 2024 diff hist +8,051‎ N SPRS ‎ Created page with "The Supplier Performance Risk System (SPRS) is a Department of Defense (DoD) platform used to assess and evaluate the performance, risks, and security posture of DoD suppliers. SPRS plays a critical role in the DoD’s acquisition process, providing procurement officials with performance ratings, risk assessments, and supplier compliance information, especially in relation to cybersecurity standards like NIST 800-171 and the Cybersecurity Maturity Model Certification (CM..." current
• 01:1801:18, 30 September 2024 diff hist +7,533‎ N CMMC-AB ‎ Created page with "The Cyber-AB (Cybersecurity Maturity Model Certification Accreditation Body) is an independent, nonprofit organization responsible for overseeing the Cybersecurity Maturity Model Certification (CMMC) ecosystem. The Cyber-AB plays a crucial role in ensuring the effective implementation of the CMMC framework, which is designed to enhance cybersecurity practices across the Defense Industrial Base (DIB) by ensuring that contractors meet specific security requirements for..." current
• 01:0801:08, 30 September 2024 diff hist +8,087‎ N Risk Assessment ‎ Created page with "The Risk Assessment family in NIST 800-171 Rev 2 focuses on ensuring that organizations have a structured process for identifying, assessing, and managing risks to their information systems and Controlled Unclassified Information (CUI). The goal is to help organizations understand their security risks, prioritize mitigation efforts, and protect sensitive information from potential threats and vulnerabilities. ==Key Risk Assessment Requirements in NIST 800-171 Rev 2:==..." current
• 01:0401:04, 30 September 2024 diff hist +9,073‎ N System and Information Integrity ‎ Created page with "The System and Information Integrity family in NIST 800-171 Rev 2 focuses on ensuring that an organization’s information systems can detect, respond to, and correct issues that may compromise the integrity and security of Controlled Unclassified Information (CUI). This family emphasizes the importance of monitoring systems for vulnerabilities, applying security patches promptly, and ensuring that malicious software and unauthorized system changes are detected and addre..." current
• 00:5600:56, 30 September 2024 diff hist +12,754‎ N System and Communications Protection ‎ Created page with "The System and Communications Protection family in NIST 800-171 Rev 2 addresses the safeguards necessary to protect the security and confidentiality of Controlled Unclassified Information (CUI) as it is processed, transmitted, or stored within an organization's information systems. This family emphasizes the need to secure both system boundaries and communication channels to prevent unauthorized access, tampering, or data leakage. ==Key System and Communications Protect..." current
• 00:4600:46, 30 September 2024 diff hist +8,770‎ N Security Assessment ‎ Created page with "The Security Assessment family in NIST 800-171 Rev 2 focuses on ensuring that organizations regularly evaluate and improve their information system security controls and practices to protect Controlled Unclassified Information (CUI). The purpose of this family is to establish a formal process for assessing security controls, conducting regular system reviews, and ensuring continuous monitoring to identify and address potential vulnerabilities or weaknesses in security...." current
• 00:4100:41, 30 September 2024 diff hist +8,755‎ N Physical Protection ‎ Created page with "The Physical Protection family in NIST 800-171 Rev 2 focuses on safeguarding Controlled Unclassified Information (CUI) by implementing physical security measures that protect information systems and their associated facilities from unauthorized physical access, tampering, or destruction. This family addresses the need to control physical access to systems, devices, and media that contain CUI, ensuring that only authorized personnel can access sensitive information. ==Ke..." current
• 00:3500:35, 30 September 2024 diff hist +6,256‎ N Personnel Security ‎ Created page with "The Personnel Security family in NIST 800-171 Rev 2 focuses on ensuring that individuals who have access to Controlled Unclassified Information (CUI) are properly vetted and that access to CUI is restricted when personnel no longer require it due to changes in employment status. The primary goal of this family is to prevent unauthorized access to CUI by ensuring that only trustworthy individuals are granted access, and that access is promptly revoked when personnel leave..." current
• 00:3200:32, 30 September 2024 diff hist +4‎ Media Protection ‎No edit summary current
• 00:3100:31, 30 September 2024 diff hist +8,423‎ N Media Protection ‎ Created page with "The Media Protection family in NIST 800-171 Rev 2 outlines the security controls necessary to protect Controlled Unclassified Information (CUI) that is stored on both digital and non-digital media. The goal is to ensure that media containing sensitive information is properly handled, stored, and disposed of to prevent unauthorized access, loss, or theft. This family covers various forms of media, including physical storage devices like hard drives and USB drives, paper..."
• 00:2500:25, 30 September 2024 diff hist +7,355‎ N Maintenance ‎ Created page with "The Maintenance family in NIST 800-171 Rev 2 focuses on ensuring that organizations perform appropriate and secure maintenance on information systems while protecting Controlled Unclassified Information (CUI). This includes managing the maintenance of both physical and virtual components, whether performed on-site or remotely, in a way that prevents unauthorized access or tampering during maintenance activities. ==Key Maintenance Requirements in NIST 800-171 Rev 2:== T..." current
• 00:1700:17, 30 September 2024 diff hist +8,946‎ N Incident Response ‎ Created page with "The Incident Response family in NIST 800-171 Rev 2 outlines the processes and controls that organizations must implement to detect, report, respond to, and recover from cybersecurity incidents, particularly those that may affect Controlled Unclassified Information (CUI). The goal of these requirements is to ensure that organizations have the capability to effectively manage security incidents, minimize damage, and recover swiftly while preserving evidence for future inve..." current
• 00:0900:09, 30 September 2024 diff hist +8,493‎ N Identification and Authentication ‎ Created page with "The Identification and Authentication family in NIST 800-171 Rev 2 focuses on ensuring that information systems can correctly identify and authenticate users, devices, and processes before granting access to systems and data, particularly Controlled Unclassified Information (CUI). This family helps protect against unauthorized access by verifying that only legitimate users or systems can access information resources. ==Key Identification and Authentication Requirements..." current
• 00:0300:03, 30 September 2024 diff hist +9,367‎ N Configuration Management ‎ Created page with "The Configuration Management family in NIST 800-171 Rev 2 focuses on ensuring that organizations establish and maintain a secure state for their information systems by controlling changes to hardware, software, and firmware. This helps organizations reduce vulnerabilities, maintain a secure baseline configuration, and prevent unauthorized modifications that could compromise the security of Controlled Unclassified Information (CUI). ==Key Configuration Management Req..." current

29 September 2024

• 23:5623:56, 29 September 2024 diff hist +249‎ Audit and Accountability ‎No edit summary current
• 23:5123:51, 29 September 2024 diff hist +8,801‎ N Audit and Accountability ‎ Created page with "The Audit and Accountability family in NIST 800-171 Rev 2 is designed to ensure that organizations have the ability to track, monitor, and analyze activities within their information systems. By logging events and auditing system activity, organizations can detect unauthorized access, identify anomalies, and maintain accountability for user actions, which is critical for protecting Controlled Unclassified Information (CUI). This family includes requirements for logging..."
• 23:4323:43, 29 September 2024 diff hist +6,582‎ N Awareness and Training ‎ Created page with "The Awareness and Training family in NIST 800-171 Rev 2 is one of the 14 security control families that focuses on ensuring that employees and users of an organization’s systems are well-informed about cybersecurity risks and know how to protect Controlled Unclassified Information (CUI). This family emphasizes the importance of educating and training users to recognize and respond appropriately to potential security threats, thus helping to minimize human-related s..." current
• 23:3623:36, 29 September 2024 diff hist −1‎ Access Control ‎No edit summary
• 23:3623:36, 29 September 2024 diff hist −1‎ Access Control ‎No edit summary
• 23:3423:34, 29 September 2024 diff hist +339‎ Access Control ‎No edit summary
• 23:3023:30, 29 September 2024 diff hist +119‎ Access Control ‎No edit summary
• 23:2823:28, 29 September 2024 diff hist +8,690‎ N Access Control ‎ Created page with "Access Control is one of the 14 security families in NIST 800-171 Rev 2, which provides guidelines for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations. The Access Control family focuses on limiting access to information systems, applications, and data to authorized individuals and ensuring that only those with appropriate permissions can access sensitive information. This helps prevent unauthorized access, which is critical fo..."
• 23:1823:18, 29 September 2024 diff hist −2‎ Self-Assessment and Certification ‎No edit summary
• 23:1723:17, 29 September 2024 diff hist +28‎ Self-Assessment and Certification ‎No edit summary
• 23:1623:16, 29 September 2024 diff hist +7,955‎ N Self-Assessment and Certification ‎ Created page with "In the Cybersecurity Maturity Model Certification (CMMC) framework, self-assessments and third-party certifications are two key mechanisms that organizations (especially defense contractors) use to demonstrate compliance with cybersecurity requirements set by the Department of Defense (DoD). These mechanisms are designed to ensure that contractors handling Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) have adequate cybersecurity measure..."
• 23:0223:02, 29 September 2024 diff hist +84‎ Continuous monitoring ‎No edit summary current
• 23:0123:01, 29 September 2024 diff hist +2‎ Continuous monitoring ‎No edit summary
• 23:0123:01, 29 September 2024 diff hist +2‎ Continuous monitoring ‎No edit summary
• 23:0023:00, 29 September 2024 diff hist +7,394‎ N Continuous monitoring ‎ Created page with "Continuous monitoring is a cybersecurity practice that involves the ongoing, real-time assessment and analysis of an organization's systems, networks, and data to identify potential vulnerabilities, threats, or unauthorized access. The goal of continuous monitoring is to maintain visibility into the security posture of an organization at all times, allowing for faster detection and response to cybersecurity incidents. === Key Components of Continuous Monitoring: === '..."
• 22:5522:55, 29 September 2024 diff hist +5,999‎ N APT ‎ Created page with "Advanced Persistent Threats (APTs) refer to highly sophisticated and persistent cyberattacks typically launched by well-funded and skilled adversaries, such as nation-states, organized cybercriminal groups, or advanced hacking collectives. Unlike typical cyberattacks that focus on immediate gains or disruption, APTs aim to infiltrate a network, remain undetected for long periods, and continuously gather intelligence or data over time. === Key Characteristics of APTs: ==..." current
• 22:4522:45, 29 September 2024 diff hist +4,323‎ N NIST SP 800-172 ‎ Created page with "[https://csrc.nist.gov/pubs/sp/800/172/final NIST SP 800-172], titled "Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations," builds on the foundation of NIST SP 800-171. It provides additional security controls and enhancements for organizations that handle highly sensitive Controlled Unclassified Information (CUI), particularly when the risk of advanced persistent threats (APTs) is a concern. H..." current
• 22:3922:39, 29 September 2024 diff hist +1‎ NIST 800-171 ‎No edit summary current