by Kevin Mann | Jul 29, 2025 | CMMC, Cybersecurity
In the CMMC world, Configuration Management begins with knowing what you have and how it should look. CM.L2-3.4.1 is foundational—and if you can’t meet this, the rest of the domain is going to fall apart quickly. As both an Authorized C3PAO and a Level 2 Certified...
by Kevin Mann | Jul 21, 2025 | CMMC, Cybersecurity
1. Why This Practice Matters AC.L1‑3.1.2 may look deceptively simple (“limit information‑system access to the types of transactions and functions that authorized users are permitted to execute”), but it is the cornerstone of least‑privilege at Level 2 (Its a Level 1...
by Kevin Mann | Jul 14, 2025 | CMMC
Access control is one of the foundational pillars of cybersecurity, especially within Cybersecurity Maturity Model Certification (CMMC). At Level 1, AC.L1-3.1.1 states: “Limit information system access to authorized users, processes acting on behalf of...
by Kevin Mann | Oct 24, 2024 | Cybersecurity, Vulnerabilities
Presently there is a vulnerability in Fortinet’s FortiManager (FMG) CVE-2024-47575 that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. To help keep your systems resistant to...
by Kevin Mann | Oct 9, 2024 | Cybersecurity
The U.S. National Institute of Standards and Technology (NIST) has updated its Password Guidelines, marking a significant shift in recommended best practices for password management. Here’s a breakdown of the key points and changes from the latest draft of SP...
