Insights
Insights, field experiences, and general thoughts from our experts.
IA.L2-3.5.2 – Don’t Just Identify… Authenticate: Proving Identity Before Granting Access
If IA.L2-3.5.1 is about knowing who is trying to access your systems, then IA.L2-3.5.2 is about verifying they really are who they claim to be. As a Certified CMMC Assessor and Certified CMMC MSP, we often find that organizations rely on weak or inconsistent...
Tick-Tock Goes the CMMC Clock: Don’t Be a Defense Industry Wallflower
Alright, folks, let's talk defense, not missiles and tanks (though those are cool, too), but something a little closer to home: cybersecurity. Specifically, CMMC 2.0. Now, I know what you're thinking: "Another government regulation? Groan." But hear me out, because...
IA.L2-3.5.1 – Identifying Users Before Granting Access: The First Gate
The most fundamental question in cybersecurity is: “Who are you?” Before any system can enforce policy, log activity, or prevent unauthorized access, it must first identify the user. That’s what IA.L2-3.5.1 requires: reliable identification of users, processes, and...
CM.L2-3.4.2 – From Set to Secure: Enforcing Configuration Settings the Right Way
When we assess organizations for CMMC Level 2, CM.L2-3.4.2 is one of the clearest indicators of whether their security is proactive or accidental. Having configuration settings is one thing. Enforcing them is another. This post explores how to implement and validate...
CM.L2-3.4.1 – The Foundation of Configuration Control: Baselines and Inventories
In the CMMC world, Configuration Management begins with knowing what you have and how it should look. CM.L2-3.4.1 is foundational—and if you can’t meet this, the rest of the domain is going to fall apart quickly. As both an Authorized C3PAO and a Level 2 Certified...
Mastering AC.L1‑3.1.2: How to Limit Transactions & Functions — and Pass Your CMMC Level 2 Assessment
1. Why This Practice Matters AC.L1‑3.1.2 may look deceptively simple (“limit information‑system access to the types of transactions and functions that authorized users are permitted to execute”), but it is the cornerstone of least‑privilege at Level 2 (It's a Level 1...
Proper Implementation of AC.L1-3.1.1 – A Dual Perspective from a CMMC Assessor and Consultant
Access control is one of the foundational pillars of cybersecurity, especially within Cybersecurity Maturity Model Certification (CMMC). At Level 1, AC.L1-3.1.1 states: "Limit information system access to authorized users, processes acting on behalf of authorized...
FortiManager Zero-Day Vulnerability: How to Remediate
A vulnerability in Fortinet’s FortiManager (FMG), CVE-2024-47575, was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. To help keep your systems resistant to...
New NIST Password Guidelines: Key Changes You Need to Know
The U.S. National Institute of Standards and Technology (NIST) has updated its Password Guidelines, marking a significant shift in recommended best practices for password management. Here’s a breakdown of the key points and changes from the latest draft of SP...
Resilient IT Earns Authorized C3PAO Status
Resilient IT, a leader in cybersecurity and compliance consulting and solutions, proudly announces its achievement of Authorized C3PAO (Certified Third-Party Assessment Organization) status. This designation, granted by the Cyber-AB, marks a significant milestone for...





