User contributions for David

3 April 2025

• 02:1902:19, 3 April 2025 diff hist +3,265 N LLMResponse PS.L2-3.9.1.a Created page with "I'll help you prepare for your CMMC Level 2 assessment of the PS.L2-3.9.1 - SCREEN INDIVIDUALS practice. Based on the assessment guidance you've provided and the CMMC Assessment Guide, I'll suggest what evidence would be appropriate to demonstrate compliance with this practice. == Understanding the Requirement == PS.L2-3.9.1 requires screening individuals before authorizing their access to organizational systems containing CUI. The assessment objective is to determine..."
• 02:0002:00, 3 April 2025 diff hist −124 Commonly Accepted and Practiced CMMC Operation Matrix →Personnel Security (PS)
• 01:4401:44, 3 April 2025 diff hist −503 32 CFR Part 170 No edit summary
• 01:4001:40, 3 April 2025 diff hist 0 CMMC Assessment Process No edit summary

2 April 2025

• 14:0214:02, 2 April 2025 diff hist −1 LLMPrompt AC.L2-3.1.1 No edit summary current
• 04:5104:51, 2 April 2025 diff hist +2,989 N LLMResponse MA.L2-3.7.6.a Created page with "# Evidence Types and Assessment Approaches for Practice MA.L2-3.7.6 Based on my analysis of the CMMC Level 2 Assessment Guide and the information provided about practice MA.L2-3.7.6 (Maintenance Personnel), I can provide recommendations on evidence types and assessment approaches for the objective: "[a] maintenance personnel without required access authorization are supervised during maintenance activities." == Ranking of Evidence Types == From most to least valuable..." current
• 04:5004:50, 2 April 2025 diff hist +286 N LLMPrompt MA.L2-3.7.6.a Created page with "For the assessment objective "[a] maintenance personnel without required access authorization are supervised during maintenance activities," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
• 04:5004:50, 2 April 2025 diff hist +5,944 N LLMPrompt MA.L2-3.7.6 Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object..." current
• 04:4504:45, 2 April 2025 diff hist −1 LLMPrompt MA.L2-3.7.2.d No edit summary current
• 04:4504:45, 2 April 2025 diff hist −1 LLMPrompt MA.L2-3.7.2.c No edit summary current
• 04:4504:45, 2 April 2025 diff hist −1 LLMPrompt MA.L2-3.7.2.b No edit summary current
• 04:4504:45, 2 April 2025 diff hist −1 LLMPrompt MA.L2-3.7.2.a No edit summary current
• 04:4504:45, 2 April 2025 diff hist −1 LLMPrompt MA.L2-3.7.1.a No edit summary current
• 04:4404:44, 2 April 2025 diff hist −1 LLMPrompt MA.L2-3.7.3.a No edit summary current
• 04:4404:44, 2 April 2025 diff hist −1 LLMPrompt MA.L2-3.7.4.a No edit summary current
• 04:4404:44, 2 April 2025 diff hist +3,004 N LLMResponse MA.L2-3.7.5.b Created page with "For assessment objective [b], which focuses on ensuring nonlocal maintenance sessions are terminated when maintenance is complete, I'll provide rankings and prioritization based on the CMMC requirements. == Ranking of Evidence Types == For the termination of nonlocal maintenance sessions, I recommend ranking evidence types as follows: 1. **Screen Share (I4)** - Highest value evidence as it allows direct observation of the session termination process, showing both manu..." current
• 04:4204:42, 2 April 2025 diff hist +309 N LLMPrompt MA.L2-3.7.5.b Created page with "For the assessment objective "[b] nonlocal maintenance sessions established via external network connections are terminated when nonlocal maintenance is complete," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
• 04:4204:42, 2 April 2025 diff hist −1 LLMPrompt MA.L2-3.7.5.a No edit summary current
• 04:3904:39, 2 April 2025 diff hist +2,766 N LLMResponse MA.L2-3.7.5.a Created page with "I'll analyze the best approach for assessing objective [a] of CMMC practice MA.L2-3.7.5, which requires multifactor authentication for establishing nonlocal maintenance sessions via external network connections. == Ranking of Evidence Types == For this specific assessment objective, here's how I would rank the evidence types: 1. **Screen Share (I4)** - This provides the strongest real-time evidence as you can directly observe the multifactor authentication process in..." current
• 04:3804:38, 2 April 2025 diff hist +293 N LLMPrompt MA.L2-3.7.5.a Created page with "For the assessment objective "[a] multifactor authentication is used to establish nonlocal maintenance sessions via external network connections," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?""
• 04:3804:38, 2 April 2025 diff hist +7,087 N LLMPrompt MA.L2-3.7.5 Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object..." current
• 04:3104:31, 2 April 2025 diff hist +3 LLMResponse MA.L2-3.7.3.a No edit summary current
• 04:3104:31, 2 April 2025 diff hist +3,243 N LLMResponse MA.L2-3.7.4.a Created page with "# Analyzing Evidence Collection for CMMC MA.L2-3.7.4 Media Inspection Based on the information provided, I'll help you rank evidence types and prioritize assessment approaches for the assessment objective regarding checking media containing diagnostic and test programs for malicious code. == Evidence Type Ranking == For this specific assessment objective, here's how I would rank the evidence types: 1. **Screen Share (I4)** - This would provide the most direct evidenc..." current
• 04:2904:29, 2 April 2025 diff hist +340 N LLMPrompt MA.L2-3.7.4.a Created page with "For the assessment objective "[a] media containing diagnostic and test programs are checked for malicious code before being used in organizational systems that process, store, or transmit CUI," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?""
• 04:2904:29, 2 April 2025 diff hist +5,909 N LLMPrompt MA.L2-3.7.4 Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object..." current
• 04:2204:22, 2 April 2025 diff hist +3,990 N LLMResponse MA.L2-3.7.3.a Created page with "I'll help you rank the evidence types and prioritize assessment approaches for assessing compliance with MA.L2-3.7.3 (Equipment Sanitization), specifically the objective of ensuring equipment removed for off-site maintenance is sanitized of any CUI. == Ranking of Evidence Types == 1. **Artifacts** - Highest priority evidence type - Media sanitization records showing what equipment was sanitized - Equipment sanitization logs - Chain of custody documentation..."
• 04:2204:22, 2 April 2025 diff hist +282 N LLMPrompt MA.L2-3.7.3.a Created page with "For the assessment objective "[a] equipment to be removed from organizational spaces for off-site maintenance is sanitized of any CUI," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?""
• 04:2104:21, 2 April 2025 diff hist +6,206 N LLMPrompt MA.L2-3.7.3 Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object..." current
• 04:0104:01, 2 April 2025 diff hist 0 Commonly Accepted and Practiced CMMC Operation Matrix →MA.L2-3.7.3 – Equipment Sanitization
• 03:5703:57, 2 April 2025 diff hist +3,286 N LLMResponse MA.L2-3.7.2.d Created page with "I'll help you determine the most effective approach for collecting evidence and evaluating assessment objective "[d] personnel used to conduct system maintenance are controlled" in practice MA.L2-3.7.2. == Ranking Evidence Types for Assessment Objective [d] == Based on the CMMC Assessment Guide and the assessment objects you provided, I would rank the evidence types for this objective as follows: 1. **Documents** - Most valuable because they establish the personnel co..." current
• 03:5603:56, 2 April 2025 diff hist +242 N LLMPrompt MA.L2-3.7.2.d Created page with "For the assessment objective "[d] personnel used to conduct system maintenance are controlled," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?""
• 03:5603:56, 2 April 2025 diff hist +3,068 N LLMResponse MA.L2-3.7.2.c Created page with "I'll help you determine the most effective approach for collecting evidence and evaluating assessment objective "[c] mechanisms used to conduct system maintenance are controlled" in practice MA.L2-3.7.2. == Ranking Evidence Types for Assessment Objective [c] == Based on the CMMC Assessment Guide and the assessment objects you provided, I would rank the evidence types for this objective as follows: 1. **Artifacts** - Most valuable because they demonstrate actual implem..." current
• 03:5503:55, 2 April 2025 diff hist +243 N LLMPrompt MA.L2-3.7.2.c Created page with "For the assessment objective "[c] mechanisms used to conduct system maintenance are controlled," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?""
• 03:5203:52, 2 April 2025 diff hist +3,111 N LLMResponse MA.L2-3.7.2.b Created page with "I'll help you determine the most effective approach for collecting evidence and evaluating assessment objective "[b] techniques used to conduct system maintenance are controlled" in practice MA.L2-3.7.2. == Ranking Evidence Types for Assessment Objective [b] == Based on the CMMC Assessment Guide and the assessment objects you provided, I would rank the evidence types for this objective as follows: 1. **Documents** - Most valuable because they establish the framework f..." current
• 03:5103:51, 2 April 2025 diff hist +243 N LLMPrompt MA.L2-3.7.2.b Created page with "For the assessment objective "[b] techniques used to conduct system maintenance are controlled," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?""
• 03:2503:25, 2 April 2025 diff hist +2,766 N LLMResponse MA.L2-3.7.2.a Created page with "I'll help you determine the most effective approach for collecting evidence and evaluating assessment objective "[a] tools used to conduct system maintenance are controlled" in practice MA.L2-3.7.2. == Ranking Evidence Types for Assessment Objective [a] == Based on the CMMC Assessment Guide and the assessment objects you provided, I would rank the evidence types for this objective as follows: 1. **Artifacts** - Most valuable because they demonstrate actual implementat..." current
• 03:2403:24, 2 April 2025 diff hist +238 N LLMPrompt MA.L2-3.7.2.a Created page with "For the assessment objective "[a] tools used to conduct system maintenance are controlled," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?""
• 03:2403:24, 2 April 2025 diff hist +6,766 N LLMPrompt MA.L2-3.7.2 Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object..." current
• 02:5202:52, 2 April 2025 diff hist +2,374 N LLMResponse MA.L2-3.7.1.a Created page with "I'll help you prioritize your assessment approaches and evidence types for the MA.L2-3.7.1 requirement. Based on the CMMC Level 2 Assessment Guide and the specifics of this security practice, here's my recommendation: == Assessment Approaches Priority == 1. **Examine** - This should be your first approach because system maintenance documentation provides foundational evidence of your maintenance program. Examining maintenance records, policies, and schedules will show..." current
• 02:5102:51, 2 April 2025 diff hist +214 N LLMPrompt MA.L2-3.7.1.a Created page with "For the assessment objective "[a] system maintenance is performed," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?""
• 02:5002:50, 2 April 2025 diff hist +5,669 N LLMPrompt MA.L2-3.7.1 Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object..." current
• 02:5002:50, 2 April 2025 diff hist 0 Commonly Accepted and Practiced CMMC Operation Matrix →MA.L2-3.7.1 – Perform Maintenance
• 02:3102:31, 2 April 2025 diff hist −310 Commonly Accepted and Practiced CMMC Operation Matrix →Maintenance (MA)

31 March 2025

• 02:2202:22, 31 March 2025 diff hist −62 Commonly Accepted and Practiced CMMC Operation Matrix →AC.L2-3.1.7 – Privileged Functions
• 02:2002:20, 31 March 2025 diff hist −62 Commonly Accepted and Practiced CMMC Operation Matrix →AC.L2-3.1.6 – Non-Privileged Account Use
• 02:1902:19, 31 March 2025 diff hist −62 Commonly Accepted and Practiced CMMC Operation Matrix →AC.L2-3.1.5 – Least Privilege
• 02:1702:17, 31 March 2025 diff hist −62 Commonly Accepted and Practiced CMMC Operation Matrix →AC.L2-3.1.4 – Separation of Duties
• 02:1502:15, 31 March 2025 diff hist −124 Commonly Accepted and Practiced CMMC Operation Matrix →Access Control (AC)
• 02:0802:08, 31 March 2025 diff hist −1 Commonly Accepted and Practiced CMMC Operation Matrix →SC.L2-3.13.4 – Shared Resource Control
• 02:0802:08, 31 March 2025 diff hist +39 Commonly Accepted and Practiced CMMC Operation Matrix →MP.L2-3.8.8 – Shared Media