Avatara DoD Platform

Business Owner’s Guide to CMMC

Ep 4: Access Control

Watch episode 4 of our Business Owner’s Guide to CMMC series with Ben Scully (Avatara) and Dan Langley (Lupa Advisors), or read the transcript below. Stay tuned weekly for new episodes containing actionable insights and an overview of each CMMC domain.

Video Transcript:

BEN: Alright, Dan, so let’s kind of jump into each of these individual domains. But before I do that, is there a reference point that you would, you know, provide to our viewers as a guide? Because obviously we’re not going to spend enough time to dive into all the details here. So, where would you send people to provide guidance to each of these individual categories of security or domains?

DAN: Well, the group in charge from the DoD is the Cyber AB, and they’ve done a great job of putting together some really good guides. One, which I call the Bible, is something called the CMMC Assessment Guide. It’s a pretty thick little document but what it will do is, it’ll go through for your team and explain each of these domains. It will show exactly what the requirements are. It’s tied back to the NIST requirements that basically are the government’s guides, if you will, to what you need to do. There’s a separate page in this that explains exactly what it is you’re looking for, how you can test for it, how you can interview for it, how you can make sure that you’re enforcing that sort of security control. And if you do that, 110 controls later, you will be 100% CMMC compliant.

BEN: So, Dan, let’s dive into the first domain. Access Control, high level, what is it?

DAN: High level, Access Control is controlling who has access to your systems and your information. It’s not only who, but it’s what systems, what programs. We’re so used to basically having cloud type programs. Does a program running in the cloud gather information or gather data from your systems, or vice versa? It’s controlling access within that. It’s looking at your mobile device. Are you securing the data on that mobile device? What sort of encryption are you using when data’s in transit or whether it’s in storage or if it’s in use? So, it’s all about access.

BEN: Alright, perfect. So, Dan, give me an example of just one of these practices under Access Control and, high level, what these guys need to be thinking about.

DAN: Sure, well let’s reference the Bible. If you go under Access Control within the CMMC Assessment Guide and you say, “let’s control public information.” This is, when you win a contract, do you publish it on your website? Who has access to your Facebook page? What is the process in place for publishing things to your website? Who can do it? Does it have to be approved? What sort of controls are in place? That’s how you basically control access to the important information.

BEN: Right. It’s very interesting, too, because I think a lot of times when people think about Access Control they think specifically about the network and maybe Wi-Fi. But, yeah, it goes all the way down to your social sites and controlling information out there on the public web and making sure that you have good processes around examining it and reviewing. So, that’s a great point.

Next Episode

Watch Episode 5 on Awareness & Training.


Website by Abstrakt Marketing Group © 2021