System Security Plan How To for CMMC and NIST SP 800-171 DoD self assessment

11,954 views

Kieri


Comments: 24
@LionRelaxe 2 years ago
Really appreciated! I like how you clearly communicate the objectives behind the questions, and what attitudes we should have writing this document. This is a long exercise, coming into it with the wrong mindset would be terrible. Thanks for helping me avoid those pitfalls!
@uche2564 3 years ago
Thanks for this, looking forward to the 171 self assessment video!
@jeffwest5783 3 years ago
Thanks again Amira for another great video. You've provided such a tremendous value to the cybersecurity community and Defense Industrial Base supply chain, and we all owe you our gratitude.
@kierilf 3 years ago
Hi Jeff, very glad to be of assistance! Thanks for the kind words!
@RanbirSingh-b3e 1 year ago
Great presentation, thank you for taking the time to break it down.
@KingGrizzBadara 3 years ago
I appreciate this video and your direct approach. When you're working with small to medium businesses this can be very tedious due to wearing many hats. Thanks a bunch!
@gothrhys 3 years ago
Thanks! This was the simple, no frills explanation I had been looking for.
@vipersqueal 3 years ago
Appreciate you taking the time for this.
@giovannihermiz4715 3 years ago
Thank you for this video. You are so helpful. You did a great job breaking the information down.
@klai1689 3 years ago
This is an excellent video with a great level of detail. Great job Amira! Thank you!
@kierilf 3 years ago
High praise coming from you - thanks Kyle!
@howieab606 2 years ago
Very insightful. Thanks for doing this.
@RUCK3R_41 4 months ago
Awesome video thanks for sharing! Do you know where I could find an updated NIST 800-171 Rev.3 compliant template for an SSP?
@kierilf 4 months ago
I don't know of any that are free/publicly available at this time. NIST definitely hasn't posted a free template yet.
@pizzafloof4253 3 years ago
Awesome video dude!
@RLBradders26 3 years ago
Great Video, thank you.
@DaveyReynolds 10 months ago
Great video. I am just learning about CMMC, but why would Level 1 (which, as I understand it, covers only Federal Contract Information (FCI)) have all kinds of information in the SSP pertaining to CUI, and no references to FCI at all?
@kierilf 10 months ago
Hi Davey, CMMC Level 1 doesn't even require a system security plan. I might have been discussing 800-171 which is roughly equivalent to CMMC Level 2.
@DaveyReynolds 10 months ago
@kierilf Thanks for the reply! Your site and these videos have been a ~very~ helpful resource! So if I understand correctly, for Level 1 self assessment, no documents in particular are required. As for Level 2, I have found it very hard to pin down what documents are required, aside from the SSP, and maybe policies/procedures, and POA&Ms, but I haven't found a straight answer, just a lot of sites advertising their CMMC templates, which isn't particularly helpful. Are there any other docs an auditor would need/want for Level 2?
@kierilf 10 months ago
@DaveyReynolds That is a heck of a conversation to explain the topic :) Essentially, other than a few specific docs like SSP, POA&M, risk assessment, self assessment, which are specifically called out in level 2, there is no pass/fail need to have a bunch of policies. HOWEVER, policies and procedures (that are actually followed) are often the best way to both standardize internally and show that you've implemented a non-technical requirement. If you want to see a really functional set of templates that demonstrate this principle, I encourage you to check out Kieri Solutions' Compliance Documentation. They have a video that shows examples of how the templates are used to support compliance. www.kieri.com/kcd
@DaveyReynolds 10 months ago
@kierilf Thanks! That is good to know. I guess I am more used to FedRAMP, which is a bit more clear imo with what you need in an SSP and what attachments to include, so your perspective on CMMC is super appreciated.🙏
@thejacker51 3 years ago
Excellent information
@haroldgeneen3203 3 years ago
Thanks
@EricFields-bh5qi 2 years ago
Great info!!! Thank you