Frequently Asked Questions:
Can Critical Prism Defense help me with a CMMC Certification?
I can help your organization work toward CMMC compliance, based on what I know about CMMC and on the CMMC-AB authorized Registered Practitioner (RP) and CMMC Provisional Assessor (PA) training. I cannot conduct an official CMMC Assessment; in fact, no company or individual can until there are certified C3PAOs. Once they are available, I may be able to assist your organization with a CMMC assessment.
Can you help with deploying SIPRNet?
Yes. This is a project with many aspects: general project management, facility construction, working with your customer to get the connection established, architecture and design of the IT systems, procurement of hardware and software, COMSEC account establishment, installation and configuration of systems, and DAAPM RMF documentation and submission. It isn’t a one-size-fits-all project, but it is a project that I can implement for your organization.
What is the best way for my organization to defend against Ransomware?
There isn’t a magic bullet for this one. It will vary with your organization, technology, risk appetite and budget. How do you know where to go if you don’t know where you are? This is the base principle of Risk Management: understand what you have, what risks there are, the probability of those risks happening, and how to mitigate them. If all of your organization's machinery and equipment is disconnected from the internet, why spend money on email filtering services and a firewall if they aren’t going to reduce risk? This is where we help your organization out. In my opinion, training and awareness of threats provide the best risk reduction for the money you spend. Other key items: use anti-virus, patch software and firmware, block access to questionable sites (or don’t access them), limit admin rights, limit user access to what they need to do their job, use two-factor authentication, don’t install applications that haven’t been verified as trustworthy, and, as a last-ditch effort, have a regularly run backup stored offline (that you can restore from).