Avatara DoD Platform
  • About
  • CMMC Compliance
  • Managed Security
  • CAD
  • Case Studies
  • CMMC Resources
  • Contact
  • Menu Menu

Business Owner’s Guide to CMMC

Ep 7: Configuration Management

Watch episode 7 of our Business Owner’s Guide to CMMC series with Ben Scully (Avatara) and Dan Langley (Lupa Advisors), or read the transcript below. Stay tuned weekly for new episodes containing actionable insights and an overview of each CMMC domain.

Video Transcript:

BEN: Next in our Guide to CMMC, configuration management. Talk to me a little bit about this category.

DAN: Okay, configuration management. There are nine controls that we look at within this category. It’s all about, what is my base system that the user has? Are the right securities and privileges in place for that system? How much can they change? What don’t I want them to change? Can a user come in and, with a thumb drive, install software? What software do they have access to? It’s all about that configuration and, more importantly, it’s about change management.

BEN: Right. I think this is—if I can toot the Avatara message a little bit—this is a category where our starting point is a bit of a competitive advantage because we’re so focused. We’ve talked a little bit about centralization of the data and making it easier to secure, but the fact that we just drive standardization, right? Standardization around server build, standardization around desktop app setup, the VPN setup. Everything being done the same way makes it easier to document what you’re doing, but also secure. And then, one of the things that, when you have a secure environment, can be a little bit annoying as a user is that you can’t just go in and have user-based admin access and install software. You have to have processes in place to say, okay, is this software that should be implemented on my environment? And, if so, do I have it documented so I know where it is? That’s just good business practice anyway, to know your enterprise software list and who has it. But it’s even more critical from a security standpoint, so people aren’t walking into the organization and downloading a Trojan or whatever it may be. So, you have to have those things in place.

DAN: Also, if I know what I have, I know what I need to patch.

BEN: That’s true.

DAN: That’s back to the very beginning. If a security vulnerability has been released in ABC software, I know about it and I can apply that patch, so I’m not exposed.

BEN: Right. And you would never know if a user was able to just go in and install software.

DAN: Exactly.

BEN: Great, thank you.

Next Episode

Watch Episode 8 on Identification & Authentication.

Need help getting compliant?

Avatara’s DoD Platform is a turnkey solution for centralized data and easier compliance. Schedule a free consultation today to learn more.

Schedule a Consultation

CORPORATE OFFICE

2329 Market St.
St. Louis, MO 63103

CONTACT SALES

8am-5pm M-F CST
314-310-7095

sales@avataracloud.com

Website by Abstrakt Marketing Group © 2021
  • About
  • CMMC Compliance
  • Managed Security
  • CAD
  • Case Studies
  • CMMC Resources
  • Contact
CMMC Guide: Audit & AccountabilityCMMC Guide: Identification & Authentication
Scroll to top

Fill out the form below to watch the full Webinar video

 

"*" indicates required fields

Fill out the form below to watch the full Webinar video

 

"*" indicates required fields

Fill out the form below to watch the full Webinar video

 

"*" indicates required fields

Fill out the form below to watch the full Webinar video

 

"*" indicates required fields

Fill out the form below to watch the full Webinar video

 

"*" indicates required fields