Posts about SRM

Shared Responsibility Means Shared Success

For many leaders preparing for CMMC, the hardest part isn’t the technical work—it’s understanding where their ...

Control 3.7.5 Maintenance, Oversight, and Structured Trust

“Perform maintenance on organizational systems only with approved and controlled tools, techniques, ...

Control 3.6.1: Incident Response—Shared Roles, One Responsibility

“Establish an operational incident-handling capability for organizational systems that includes preparation, ...

Control 3.12.3 — The POA&M—Plan or Proof?

“Develop, document, and periodically update plans of action designed to correct deficiencies and reduce or ...

Control 3.1.20: Verifying and Controlling Connections to External Systems Trust Is Earned, Not Assumed

“Verify and control/limit connections to and use of external systems.” — NIST SP 800-171 Rev. 2, 3.1.20 If ...

Control 3.12.1 — Periodic Assessment of Security Controls

“Periodically assess the security controls in organizational systems to determine if the controls are ...

Control 3.1.2 – Limiting Access to Authorized Functions: Why “Everyone’s an Admin” Breaks Compliance

“Limit information system access to the types of transactions and functions that authorized users are ...

Control 3.1.1 — Identifying Authorized Users (It’s Not Entra ID)

One of the simplest requirements in CMMC is also one of the most misunderstood. Control 3.1.1 says: ...

Shared Responsibility Matrix: Everyone Has a Role — The OSC Leads

For many leaders in the Defense Industrial Base, CMMC feels like a maze of rules, consultants, and acronyms. ...