CMMC Mini-Learning Series
Subscribe to our YouTube Page for more content.
BLOG POSTS
Ongoing Cyber Monitoring
Ongoing monitoring is an important piece of any organization’s cybersecurity and cyber compliance investments. The SolarWinds intrusion was discovered partly because of ongoing monitoring: someone noticed that a user account had signed in from an unfamiliar device.
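The kind of check that surfaced the unfamiliar-device sign-in can be expressed as simple detection logic over authentication logs. The block below is an added example, not code from the original post: it learns each user's known devices from a baseline window of successful sign-ins, then alerts on any later successful sign-in from a device that user has not used before. The log format and every log line, user and device name are constructed for illustration; adapt `parse_line()` to your identity provider's export.

```python
"""Ongoing-monitoring example: alert on a sign-in from a device the user has
not been seen on before.  Added illustration, not code from the original post.
The key=value log format and the sample lines below are constructed."""
from collections import defaultdict

# Constructed sample: November lines form the learning window, December lines
# are the "live" events being monitored.
SAMPLE_LOG = """\
2020-11-02T08:01:10Z user=alice device=LAPTOP-A1 result=success
2020-11-02T08:05:44Z user=bob device=DESKTOP-B7 result=success
2020-11-03T09:14:02Z user=alice device=LAPTOP-A1 result=success
2020-11-04T17:30:19Z user=bob device=PHONE-B2 result=success
2020-12-01T03:12:03Z user=alice device=WIN-4K9XQ result=success
2020-12-01T03:15:51Z user=bob device=DESKTOP-B7 result=success
2020-12-01T03:20:07Z user=carol device=UNKNOWN-1 result=failure
""".splitlines()


def parse_line(line):
    """Parse 'timestamp k=v k=v ...' into a dict with a 'ts' key."""
    ts, *fields = line.split()
    event = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def build_baseline(events, cutoff):
    """Known devices per user, learned only from successful sign-ins before
    the cutoff.  Timestamps are ISO-8601 UTC, so string comparison orders them."""
    known = defaultdict(set)
    for e in events:
        if e["ts"] < cutoff and e["result"] == "success":
            known[e["user"]].add(e["device"])
    return known


def detect_new_devices(events, known, cutoff):
    """Return (ts, user, device) for each successful sign-in at or after the
    cutoff from a device not in that user's baseline.  Failed attempts never
    extend the baseline; a device is reported once, then treated as known so
    a burst of sign-ins does not flood the analyst."""
    alerts = []
    for e in events:
        if e["ts"] < cutoff or e["result"] != "success":
            continue
        if e["device"] not in known[e["user"]]:
            alerts.append((e["ts"], e["user"], e["device"]))
            known[e["user"]].add(e["device"])
    return alerts


def run(log_lines, cutoff):
    """Parse, baseline and detect in one pass over a list of log lines."""
    events = [parse_line(line) for line in log_lines]
    known = build_baseline(events, cutoff)
    return detect_new_devices(events, known, cutoff)


if __name__ == "__main__":
    for ts, user, device in run(SAMPLE_LOG, "2020-12-01"):
        print(f"ALERT {ts}: {user} signed in from new device {device}")
```

Against the constructed sample this flags only alice's 03:12 sign-in from `WIN-4K9XQ`; bob's sign-in from an already-known device and carol's failed attempt produce nothing. In a real deployment the baseline would be persisted and the cutoff would roll forward, and a new-device alert is a prompt for a human to verify with the user, which is exactly the step that mattered in the SolarWinds case.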
Azure Scripting - Tools & Use-cases
Azure Cloud Shell (which runs either Bash or PowerShell in the browser), Azure CLI, and Azure PowerShell are the available options for managing Azure resources remotely from the command line.
Cybersecurity ≠ Regulatory Cyber Compliance
Cybersecurity and regulatory cyber compliance are different and complementary. Cybersecurity is the art and practice of protecting systems and ensuring confidentiality, integrity, and availability of information. Regulatory cyber compliance refers to meeting the assessment objectives of specific cyber frameworks or standards.
CMMC 2.0 - Delta 20 Practices
While CMMC 2.0 eliminates the 20 additional practices that were part of CMMC 1.0 (the so-called Delta 20 practices), it is important that Organizations Seeking Certification (OSCs) realize that some of the Delta 20 practices are already part of the 110 practices of NIST SP 800-171.
CMMC 2.0 - NFO Controls
“NFO” Controls: Important Distinction for Organizations Seeking Certification (OSC)
There is a little-known aspect of NIST SP 800-171 known as "NFO" controls. "NFO" controls are found in Appendix E of NIST SP 800-171. "NFO" is one of the tailoring criteria used in deriving the CUI controls/practices of NIST SP 800-171 from NIST SP 800-53, and it marks controls that are "expected to be routinely satisfied by nonfederal organizations without specification". In other words, it is assumed and expected that OSCs are already implementing these "NFO" controls. The challenge is that many OSCs are not aware of the "NFO" controls and are not implementing them.

