Posts about SRM

Control 3.6.1: Incident Response—Shared Roles, One Responsibility

“Establish an operational incident-handling capability for organizational systems that includes preparation, ...

Control 3.12.3 — The POA&M—Plan or Proof?

“Develop, document, and periodically update plans of action designed to correct deficiencies and reduce or ...

Control 3.1.20: Verifying and Controlling Connections to External Systems: Trust Is Earned, Not Assumed

“Verify and control/limit connections to and use of external systems.” — NIST SP 800-171 Rev. 2, 3.1.20 If ...

Control 3.12.1 — Periodic Assessment of Security Controls

“Periodically assess the security controls in organizational systems to determine if the controls are ...

Control 3.1.2 – Limiting Access to Authorized Functions: Why “Everyone’s an Admin” Breaks Compliance

“Limit information system access to the types of transactions and functions that authorized users are ...

Control 3.1.1 — Identifying Authorized Users (It’s Not Entra ID)

One of the simplest requirements in CMMC is also one of the most misunderstood. Control 3.1.1 says: ...

Shared Responsibility Matrix: Everyone Has a Role — The OSC Leads

For many leaders in the Defense Industrial Base, CMMC feels like a maze of rules, consultants, and acronyms. ...