• A
    Art Jordan

    Hi Everyone,
    Has anyone dealt with compliance and newer Privileged Account Management / Privileged Identity Management? NIST 800-171 and 53r4 for example call for the use of a separate ‘non-privileged account’ for accessing security functions. That seems to be getting more difficult with services like Azure AD, its licensing model and the elevated roles that can be assigned to accounts. We also want to be sure we take modern PAM into account in our policies as well.

    Thanks,

    Art

    posted in Security
  • A
    Art Jordan

    @daniel-fiore

    Hi Daniel, could it be the NuGet name needs to be in quotes?
    For the NuGet question I found the info below if it helps.
    I haven't watched those episodes so I can't comment on accuracy.

    PS C:\> Find-PackageProvider -Name "Nuget" -AllVersions
    PS C:\> Install-PackageProvider -Name "Nuget" -RequiredVersion "2.8.5.216" -Force
    (you can use -MinimumVersion <String>)

    More info
    https://docs.microsoft.com/en-us/nuget/install-nuget-client-tools

    https://docs.microsoft.com/en-us/powershell/module/packagemanagement/install-packageprovider?view=powershell-6

    posted in Microsoft
  • A
    Art Jordan

    I’ve seen some different opinions on implementing 2 Factor Authentication for AD logins and was wondering if anyone else had any experience doing this. I’ve seen some info that if you need to implement 2FA for local AD logins it’s acceptable to use a computer certificate as the 2nd factor. Then there are other opinions that it would need to be a token-based 2nd factor like a YubiKey type dongle or RSA style one-time password token.

    I wanted to ask if anyone has implemented 2FA for NIST 800-171 compliance and what you did.

    Thanks,
    Art

    posted in Security
  • A
    Art Jordan

    Waqkas,

    One other thing I should have added. What are the plans your management has for the acquired business? Do they plan to have it operate as a fully separate operation or to integrate into the existing business? Then you’ll need to start thinking about a single ERP system, combining email, Active Directory, and perhaps setting up a WAN to connect the sites or doing some of that in the cloud.

    posted in ITIL
  • A
    Art Jordan

    Hi Waqkas,

    Here are a few I can think of
    • Ask if they have documented policies, standards, and procedures
    • Ask to look at any existing service contracts, for example network, phone lines, critical applications… that sort of thing
    • Do they use a ticketing system to track support incidents?
    • Do they use any sort of formalized change control?
    • Do they standardize their hardware and software or just buy what’s on sale at TigerDirect?
    • Do they use a standard OS image for systems or use the OS preinstalled by the manufacturer?
    • Are they utilizing any cloud services?
    • Do they need to follow any government or industry standards, PCI, NIST, or ISO for example?
    • Do they have a security program in place?

    Those are just a few quick thoughts.
    Art

    posted in ITIL
  • A
    Art Jordan

    I was wondering if anyone knows if a pre-boot password is required for systems encrypted for NIST 800-171 clause 3.13.16 or 53r4 SC-28 compliance. For example, if you were to implement MS BitLocker without some sort of pre-boot PIN or password, is that compliant? Or do you need a product that always requires a passphrase?
    Thanks,
    Art

    posted in Security
  • A
    Art Jordan

    Yes it does, Thanks Wes

    posted in CompTIA
  • A
    Art Jordan

    Hi,
    Since you are a CompTIA partner, I was curious to know if your courses can be submitted for continuing education credits? If so, do you still have the completion certificates or any way to verify completion? In my case I need to submit CEU for CASP.
    Thanks,
    Art

    posted in CompTIA
  • A
    Art Jordan

    Hi Kevin,
    One of our providers allows us this type of access through Quest Active Roles.
    Art

    posted in Microsoft
  • A
    Art Jordan

    Hi Ronnie,

    Yes, that would be fine.

    Regards,
    Art

    posted in Security