1 hour 17 minutes
prepping for CMMC. Now let's look at the POA&M.
So what is a POA&M? A POA&M is: you have, within your self-assessment that you're doing now and going down to the CMMC, if you do not satisfy one of the practices or controls, then you have a deficiency.
And so you have to have a plan of action and a milestone, meaning: when will you go and have that fixed? So, for example, let's take access control, to where you have a minimum of eight characters, but you do not have complexity set.
So within your critical applications, or if it's within your domain, you have to figure out, one, how long is it gonna take to get that fixed? If it's on the domain, it'll probably be fairly quick. If it's within a critical application, depending upon who's supporting that application, it may take a month or so to be able to fix it. So you would have a plan of action with the date that you're gonna have it fixed and who will be assessed with fixing that POA&M.
So who actually creates the POA, the plan of action? And that, within each contractor, the structure can be different. So within it, if you have a third party who has the managed services, you can work with them, where they would help create that plan of action for you. If you have IT capability within your structure, then the person, whether CIO, manager of IT, or CISO, will go and create that plan of action.
Then the next thing is you go, okay, so what's an acceptable milestone?
Currently, with the milestones, you could potentially, I guess, have six months or a year. Some of the deficiencies that are out there could actually require a new piece of software.
It could be that you have to wait for the next version to come out that will actually fix that deficiency with it.
Now, with the CMMC, POA&Ms are not allowed, and they must all be closed to be able to get that certification. And this is probably one of the biggest stumbling blocks that I have noted in my talks with some of the contractors and also third parties. And this actually goes back, because what if you have to put a new application in to be able to satisfy that POA&M? What if it's going to take some time? So that's why
in looking at the POA&Ms you've got to go and look at your structure. Now go and bring in, work with your third party. Work with another pre-assessor type person to be able to go in and, you know, what is actually wrong within your infrastructure.
Don't rely just on yourself, because you need another set of eyes working at your infrastructure and saying, you know, this one area that you have, it could be with backups, it could be with communications of VPN, this may not be acceptable. And, as you know, if you are actually working on a firewall, if you're working on applications, it could take a long time to be able, one, to get it done; two, to get the appropriate parties. Plus, what about the budget?
Some of the applications could be $100,000, $500,000, depending on what the application is doing. And if you don't have that budgeted, are you going to be able to go up to the board or to the president and say, for us to be able to get this RFP, this contract, we need to go and get the software or new firewall, whatever it is, to be able to satisfy these POA&Ms?
So it's so important, it's so, so important, that you start prepping now. Reach out. Go to workshops. Go out to other vendors as they go and talk about cybersecurity. Talk with cybersecurity experts out there, and look at yourself. Have other people look at your infrastructure so that as the DoD rolls out the CMMC, you will be ready and pass with flying colors.