New pages

Jump to navigation Jump to search
New pages
Hide registered users | Show bots | Hide redirects
(newest | oldest) View (newer 50 | ) (20 | 50 | 100 | 250 | 500)

30 April 2025

  • 02:3102:31, 30 April 2025 LLMResponse AC.L2-3.1.4.c (hist | edit) [2,710 bytes] David (talk | contribs) (Created page with "Ranking Evidence Types for Assessment Objective [c] For the assessment objective "[c] access privileges that enable individuals to exercise the duties that require separation are granted to separate individuals," here's the ranking of evidence types supported by assessment objects: == Evidence Type Ranking == 1. **Artifacts (highest value)** - System access authorization records showing privilege distribution - Access control lists demonstrating separation of pr...")
  • 02:3002:30, 30 April 2025 LLMResponse AC.L2-3.1.4.b (hist | edit) [2,553 bytes] David (talk | contribs) (Created page with "Ranking Evidence Types for Assessment Objective [b] For the assessment objective "[b] responsibilities for duties that require separation are assigned to separate individuals," here's the ranking of evidence types supported by assessment objects: == Evidence Type Ranking == 1. **Artifacts (highest value)** - User account listings with role assignments - System access authorizations showing different individuals assigned to separated duties - Access control ma...")
  • 02:2902:29, 30 April 2025 LLMResponse AC.L2-3.1.4.a (hist | edit) [2,368 bytes] David (talk | contribs) (Created page with "Ranking Evidence Types for Assessment Objective [a] For the assessment objective "[a] the duties of individuals requiring separation are defined," I'll rank the evidence types supported by assessment objects from most to least valuable: == Evidence Type Ranking == 1. **Documents (highest value)** - Access control policy documents - Written procedures addressing divisions of responsibility and separation of duties - System security plan with defined separation...")
  • 02:2802:28, 30 April 2025 LLMPrompt AC.L2-3.1.4.c (hist | edit) [305 bytes] David (talk | contribs) (Created page with "For the assessment objective, [c] access privileges that enable individuals to exercise the duties that require separation are granted to separate individuals, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:2802:28, 30 April 2025 LLMPrompt AC.L2-3.1.4.b (hist | edit) [269 bytes] David (talk | contribs) (Created page with "For the assessment objective, [b] responsibilities for duties that require separation are assigned to separate individuals, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:2702:27, 30 April 2025 LLMPrompt AC.L2-3.1.4.a (hist | edit) [239 bytes] David (talk | contribs) (Created page with "For the assessment objective, [a] the duties of individuals requiring separation are defined, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:2502:25, 30 April 2025 LLMPrompt AC.L2-3.1.4 (hist | edit) [6,442 bytes] David (talk | contribs) (Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object...")
  • 02:1802:18, 30 April 2025 LLMResponse AC.L2-3.1.3.e (hist | edit) [2,315 bytes] David (talk | contribs) (Created page with "Ranking Evidence Types for Enforcement of CUI Flow Authorizations For assessment objective [e] "approved authorizations for controlling the flow of CUI are enforced," here's my ranking of evidence types based on the CMMC assessment objects: == Evidence Type Ranking == 1. **Technical Testing Evidence (Highest Priority)** - Results from testing mechanisms implementing information flow enforcement policy - Configuration screenshots of boundary protection devices...")
  • 02:1702:17, 30 April 2025 LLMResponse AC.L2-3.1.3.d (hist | edit) [2,287 bytes] David (talk | contribs) (Created page with "Ranking Evidence Types for CUI Flow Authorizations For assessment objective [d] "authorizations for controlling the flow of CUI are defined," here's my ranking of evidence types based on the CMMC assessment objects: == Evidence Type Ranking == 1. **Documentation (Highest Priority)** - List of information flow authorizations - Access control policy sections on authorization requirements - System connection or processing agreements - System security plan se...")
  • 02:1602:16, 30 April 2025 LLMResponse AC.L2-3.1.3.c (hist | edit) [2,382 bytes] David (talk | contribs) (Created page with "Ranking Evidence Types for Designated Sources and Destinations For assessment objective [c] "designated sources and destinations (e.g., networks, individuals, and devices) for CUI within the system and between interconnected systems are identified," here's my ranking of evidence types based on the CMMC assessment objects: == Evidence Type Ranking == 1. **Documentation (Highest Priority)** - Network diagrams showing CUI flow paths - System design documentation id...")
  • 02:1402:14, 30 April 2025 LLMResponse AC.L2-3.1.3.b (hist | edit) [2,127 bytes] David (talk | contribs) (Created page with "Ranking Evidence Types for Methods and Enforcement Mechanisms For assessment objective [b] "methods and enforcement mechanisms for controlling the flow of CUI are defined," here's how I rank the evidence types based on the CMMC assessment objects: == Evidence Type Ranking == 1. **Documentation (High Priority)** - System design documentation showing flow control mechanisms - Configuration settings and associated documentation - Information flow control policie...")
  • 02:1302:13, 30 April 2025 LLMResponse AC.L2-3.1.3.a (hist | edit) [1,938 bytes] David (talk | contribs) (Created page with "Ranking Evidence Types for Information Flow Control Policies For assessment objective [a] "information flow control policies are defined," I'll rank the evidence types from most to least important based on the assessment objects in the CMMC documentation: == Evidence Type Ranking == 1. **Documentation (Highest Priority)** - Access control policy documents - Information flow control policy documentation - System security plan sections on information flow -...")
  • 02:1102:11, 30 April 2025 LLMPrompt AC.L2-3.1.3.e (hist | edit) [249 bytes] David (talk | contribs) (Created page with "For the assessment objective, [e] approved authorizations for controlling the flow of CUI are enforced, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:1102:11, 30 April 2025 LLMPrompt AC.L2-3.1.3.d (hist | edit) [239 bytes] David (talk | contribs) (Created page with "For the assessment objective, [d] authorizations for controlling the flow of CUI are defined, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:1102:11, 30 April 2025 LLMPrompt AC.L2-3.1.3.c (hist | edit) [335 bytes] David (talk | contribs) (Created page with "For the assessment objective, [c] designated sources and destinations (e.g., networks, individuals, and devices) for CUI within the system and between interconnected systems are identified, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:1002:10, 30 April 2025 LLMPrompt AC.L2-3.1.3.b (hist | edit) [259 bytes] David (talk | contribs) (Created page with "For the assessment objective, [b] methods and enforcement mechanisms for controlling the flow of CUI are defined, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:1002:10, 30 April 2025 LLMPrompt AC.L2-3.1.3.a (hist | edit) [226 bytes] David (talk | contribs) (Created page with "For the assessment objective, [a] information flow control policies are defined, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:1002:10, 30 April 2025 LLMPrompt AC.L2-3.1.3 (hist | edit) [10,083 bytes] David (talk | contribs) (Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object...")
  • 01:5601:56, 30 April 2025 LLMResponse AC.L2-3.1.2.b (hist | edit) [2,187 bytes] David (talk | contribs) (Created page with "For assessment objective [b] - determining if "system access is limited to the defined types of transactions and functions for authorized users," I recommend the following prioritization of evidence types and assessment approaches: ### Evidence Types (ranked) 1. **Artifacts** - Highest priority - Access control implementation records - System logs showing access attempts (approved and denied) - Screenshots of permission settings in production systems - Outp...")
  • 01:5601:56, 30 April 2025 LLMResponse AC.L2-3.1.2.a (hist | edit) [2,314 bytes] David (talk | contribs) (Created page with "Based on your document, I'll help you prioritize evidence types for assessing objective [a] under the AC.L2-3.1.2 practice "Transaction & Function Control." This objective aims to determine if "the types of transactions and functions that authorized users are permitted to execute are defined." For this specific assessment objective, I recommend prioritizing the evidence types in the following order: 1. **Artifacts** - Highest priority - Documentation defining user r...")
  • 01:5101:51, 30 April 2025 LLMPrompt AC.L2-3.1.2.b (hist | edit) [277 bytes] David (talk | contribs) (Created page with "For the assessment objective, [b] system access is limited to the defined types of transactions and functions for authorized users, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 01:5001:50, 30 April 2025 LLMPrompt AC.L2-3.1.2.a (hist | edit) [279 bytes] David (talk | contribs) (Created page with "For the assessment objective, [a] the types of transactions and functions that authorized users are permitted to execute are defined, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 01:5001:50, 30 April 2025 LLMPrompt AC.L2-3.1.2 (hist | edit) [6,124 bytes] David (talk | contribs) (Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object...")

7 April 2025

  • 03:0203:02, 7 April 2025 LLMResponse MP.L2-3.8.4.b (hist | edit) [2,899 bytes] David (talk | contribs) (Created page with "To effectively assess whether "media containing Controlled Unclassified Information (CUI) is marked with distribution limitations" under your organization’s media marking practices, it's crucial to understand which evidence types are supported by different assessment objects and how to sequence these assessments. == Evidence Types Supported by Assessment Objects == 1. **Examine:** - **Assessment Objectives:** System security plan; system media protection policy....")
  • 03:0103:01, 7 April 2025 LLMResponse MP.L2-3.8.4.a (hist | edit) [3,268 bytes] David (talk | contribs) (Created page with "To effectively assess whether "media containing CUI is marked with applicable CUI markings" under MP.L2-3.8.4 within your organization's media marking practices for Controlled Unclassified Information (CUI), it’s essential to use a strategic approach that involves selecting appropriate assessment objects, evidence types, and prioritizing assessment methods. == Evidence Types Supported by Assessment Objects == 1. **Examine:** - **Assessment Objectives:** System med...")
  • 02:5902:59, 7 April 2025 LLMPrompt MP.L2-3.8.4.b (hist | edit) [242 bytes] David (talk | contribs) (Created page with "For the assessment objective "[b] media containing CUI is marked with distribution limitations," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:5902:59, 7 April 2025 LLMPrompt MP.L2-3.8.4.a (hist | edit) [241 bytes] David (talk | contribs) (Created page with "For the assessment objective "[a] media containing CUI is marked with applicable CUI markings," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:5802:58, 7 April 2025 LLMPrompt MP.L2-3.8.4 (hist | edit) [5,481 bytes] David (talk | contribs) (Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object...")
  • 02:5302:53, 7 April 2025 LLMResponse MP.L2-3.8.3.b (hist | edit) [2,584 bytes] David (talk | contribs) (Created page with "To effectively assess whether "system media containing FCI is sanitized before it is released for reuse" as per your objective "[b]," you'll need to consider both appropriate evidence types and strategic prioritization of assessment approaches. == Evidence Types Supported by Assessment Objects == 1. **Artifacts (I1):** - *Media Sanitization Logs:* Detailed logs that provide a record of sanitization activities performed on media before reuse. 2. **Document (I2):*...")
  • 02:5102:51, 7 April 2025 LLMResponse MP.L2-3.8.3.a (hist | edit) [2,447 bytes] David (talk | contribs) (Created page with "To effectively assess whether "system media containing FCI is sanitized or destroyed before disposal" as per your objective "[a]," you'll want to consider both the most appropriate evidence types and prioritizing assessment approaches. == Evidence Types Supported by Assessment Objects == 1. **Artifacts (I1):** - *Media Sanitization Records:* These are direct records of media sanitization activities, demonstrating that specific actions were taken. 2. **Document...")
  • 02:4902:49, 7 April 2025 LLMPrompt MP.L2-3.8.3.b (hist | edit) [254 bytes] David (talk | contribs) (Created page with "For the assessment objective "[b] system media containing FCI is sanitized before it is released for reuse," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:4902:49, 7 April 2025 LLMPrompt MP.L2-3.8.3.a (hist | edit) [251 bytes] David (talk | contribs) (Created page with "For the assessment objective "[a] system media containing FCI is sanitized or destroyed before disposal," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:4902:49, 7 April 2025 LLMPrompt MP.L2-3.8.3 (hist | edit) [6,658 bytes] David (talk | contribs) (Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object...")
  • 02:4502:45, 7 April 2025 LLMResponse MP.L2-3.8.1.d (hist | edit) [2,423 bytes] David (talk | contribs) (Created page with "To effectively assess that "digital media containing Controlled Unclassified Information (CUI) is securely stored," it's important to identify and prioritize relevant evidence types based on different assessment objects. Here’s a structured approach: == Evidence Types Ranking == 1. **Physical Review**: - A physical review of storage locations for digital media devices ensures direct verification that secure measures are in place, such as locked cabinets or restric...")
  • 02:4402:44, 7 April 2025 LLMResponse MP.L2-3.8.1.c (hist | edit) [2,400 bytes] David (talk | contribs) (Created page with "To effectively assess that "paper media containing Controlled Unclassified Information (CUI) is securely stored," it's important to identify and prioritize relevant evidence types based on different assessment objects. Here’s a structured approach: == Evidence Types Ranking == 1. **Physical Review**: - A physical review of storage locations provides direct, tangible evidence that paper media are stored in secure environments (e.g., locked cabinets or rooms), ensur...")
  • 02:4202:42, 7 April 2025 LLMResponse MP.L2-3.8.1.b (hist | edit) [2,346 bytes] David (talk | contribs) (Created page with "To effectively assess that "digital media containing Controlled Unclassified Information (CUI) is physically controlled," it's important to identify and prioritize relevant evidence types based on different assessment objects. Here’s a structured approach: == Evidence Types Ranking == 1. **Document**: - Documentation such as digital security policies, access control procedures, inventory logs of digital media devices, and data handling guidelines provide foundatio...")
  • 02:4002:40, 7 April 2025 LLMResponse MP.L2-3.8.1.a (hist | edit) [2,251 bytes] David (talk | contribs) (Created page with "To address the assessment objective of ensuring that "paper media containing Controlled Unclassified Information (CUI) is physically controlled," it's important to understand which evidence types are most relevant and how they align with different assessment objects. Here's a structured approach: == Evidence Types Ranking == 1. **Document**: - Documents such as system media protection policies, procedures for handling CUI, access control records, or inventory logs p...")
  • 02:3702:37, 7 April 2025 LLMResponse MP.L2-3.8.2.a (hist | edit) [2,760 bytes] David (talk | contribs) (Created page with "To assess whether "access to CUI on system media is limited to authorized users" under MP.L2-3.8.2, you need a strategic plan involving different assessment approaches and corresponding evidence types. Here's a prioritized approach: == Prioritization of Assessment Approaches == 1. **Examine (C1)**: - **Why prioritize?** Examining documents provides concrete evidence that procedures exist to limit access. - **Potential Evidence Types**: - Document: Review th...")
  • 02:3402:34, 7 April 2025 LLMPrompt MP.L2-3.8.2.a (hist | edit) [242 bytes] David (talk | contribs) (Created page with "For the assessment objective "[a] access to CUI on system media is limited to authorized users," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:3402:34, 7 April 2025 LLMPrompt MP.L2-3.8.2 (hist | edit) [5,345 bytes] David (talk | contribs) (Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object...")
  • 02:2402:24, 7 April 2025 LLMPrompt MP.L2-3.8.1.d (hist | edit) [229 bytes] David (talk | contribs) (Created page with "For the assessment objective "[d] digital media containing CUI is securely stored," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:2402:24, 7 April 2025 LLMPrompt MP.L2-3.8.1.c (hist | edit) [227 bytes] David (talk | contribs) (Created page with "For the assessment objective "[c] paper media containing CUI is securely stored," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:2402:24, 7 April 2025 LLMPrompt MP.L2-3.8.1.b (hist | edit) [235 bytes] David (talk | contribs) (Created page with "For the assessment objective "[b] digital media containing CUI is physically controlled," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:2302:23, 7 April 2025 LLMPrompt MP.L2-3.8.1.a (hist | edit) [233 bytes] David (talk | contribs) (Created page with "For the assessment objective "[a] paper media containing CUI is physically controlled," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 02:2302:23, 7 April 2025 LLMPrompt MP.L2-3.8.1 (hist | edit) [6,554 bytes] David (talk | contribs) (Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object...")
  • 00:3800:38, 7 April 2025 LLMPrompt CM.L2-3.4.7.o (hist | edit) [263 bytes] David (talk | contribs) (Created page with "For the assessment objective "[o] the use of nonessential services is restricted, disabled, or prevented as defined," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 00:3800:38, 7 April 2025 LLMPrompt CM.L2-3.4.7.n (hist | edit) [225 bytes] David (talk | contribs) (Created page with "For the assessment objective "[n] the use of nonessential services is defined," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 00:3800:38, 7 April 2025 LLMPrompt CM.L2-3.4.7.m (hist | edit) [212 bytes] David (talk | contribs) (Created page with "For the assessment objective "[m] essential services are defined," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 00:3700:37, 7 April 2025 LLMPrompt CM.L2-3.4.7.l (hist | edit) [264 bytes] David (talk | contribs) (Created page with "For the assessment objective "[l] the use of nonessential protocols is restricted, disabled, or prevented as defined," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
  • 00:3700:37, 7 April 2025 LLMPrompt CM.L2-3.4.7.k (hist | edit) [226 bytes] David (talk | contribs) (Created page with "For the assessment objective "[k] the use of nonessential protocols is defined," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?")
(newest | oldest) View (newer 50 | ) (20 | 50 | 100 | 250 | 500)
Retrieved from "https://cmmcwiki.org/index.php/Special:NewPages"