CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |
New podcast is up: set phasers to "NFO" edition.

Remember that "class deviation" for DFARS clause 252.204-7012?

The good news: NIST SP 800-171 revision 2 is the requirement for the next several years.

The bad news: NIST SP 800-171 revision 2 is the requirement for the next several years.

You see, while 171r2 is a smaller set of requirements compared to 171r3, it's only smaller because of several questionable and often deeply unhelpful tailoring decisions that allowed the authors to make the document arbitrarily small.

This week we dive into the bizarre underbelly of "NFO" controls - cybersecurity requirements that are "expected to be routinely satisfied without specification" with several examples:
- “-1 controls”
- Training Records
- Independent Assessments
- External Connections
- Configuration Management
- Incident Response Plan
- The SA Family

Episode links are in the comments 👇

Like ❤️ and subscribe 🔔
Jacob Horne You know I have gotten the impression over the last several years that you might think the whole NFO construct is suboptimum? Maybe?
I vote that 171r2 is bad news. We don’t need multiple standard versions to track. A nice clean break would be much better, especially since the bulk of those affected are just barely building their programs now and will have to do it all again when we move to rev 3.
👀 Watch Here:
YouTube: https://youtu.be/YEQd--RIUkU?si=MD7eEhSlw9yu-rl6
Spotify: https://open.spotify.com/show/2qwRGssjNbp7M2Ygm2Dvum

🔊 Listen here:
Apple Podcasts: https://podcasts.apple.com/us/podcast/summit-7-presents-sum-it-up/id1649265805
Pandora: https://www.pandora.com/podcast/summit-7-presents-sum-it-up/PC:1001030604
Stitcher: https://www.stitcher.com/show/1030604
Spotify: https://open.spotify.com/show/2qwRGssjNbp7M2Ygm2Dvum
Amazon: https://music.amazon.com/podcasts/7d78f748-d481-47fc-abd1-061157ce0a81