User contributions for David

02:3102:31, 30 April 2025 diff hist +2,710 N LLMResponse AC.L2-3.1.4.c Created page with "Ranking Evidence Types for Assessment Objective [c] For the assessment objective "[c] access privileges that enable individuals to exercise the duties that require separation are granted to separate individuals," here's the ranking of evidence types supported by assessment objects: == Evidence Type Ranking == 1. **Artifacts (highest value)** - System access authorization records showing privilege distribution - Access control lists demonstrating separation of pr..." current
02:3002:30, 30 April 2025 diff hist +2,553 N LLMResponse AC.L2-3.1.4.b Created page with "Ranking Evidence Types for Assessment Objective [b] For the assessment objective "[b] responsibilities for duties that require separation are assigned to separate individuals," here's the ranking of evidence types supported by assessment objects: == Evidence Type Ranking == 1. **Artifacts (highest value)** - User account listings with role assignments - System access authorizations showing different individuals assigned to separated duties - Access control ma..." current
02:2902:29, 30 April 2025 diff hist +2,368 N LLMResponse AC.L2-3.1.4.a Created page with "Ranking Evidence Types for Assessment Objective [a] For the assessment objective "[a] the duties of individuals requiring separation are defined," I'll rank the evidence types supported by assessment objects from most to least valuable: == Evidence Type Ranking == 1. **Documents (highest value)** - Access control policy documents - Written procedures addressing divisions of responsibility and separation of duties - System security plan with defined separation..." current
02:2802:28, 30 April 2025 diff hist +305 N LLMPrompt AC.L2-3.1.4.c Created page with "For the assessment objective, [c] access privileges that enable individuals to exercise the duties that require separation are granted to separate individuals, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
02:2802:28, 30 April 2025 diff hist +269 N LLMPrompt AC.L2-3.1.4.b Created page with "For the assessment objective, [b] responsibilities for duties that require separation are assigned to separate individuals, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
02:2702:27, 30 April 2025 diff hist +239 N LLMPrompt AC.L2-3.1.4.a Created page with "For the assessment objective, [a] the duties of individuals requiring separation are defined, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
02:2502:25, 30 April 2025 diff hist +6,442 N LLMPrompt AC.L2-3.1.4 Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object..." current
02:1802:18, 30 April 2025 diff hist +2,315 N LLMResponse AC.L2-3.1.3.e Created page with "Ranking Evidence Types for Enforcement of CUI Flow Authorizations For assessment objective [e] "approved authorizations for controlling the flow of CUI are enforced," here's my ranking of evidence types based on the CMMC assessment objects: == Evidence Type Ranking == 1. **Technical Testing Evidence (Highest Priority)** - Results from testing mechanisms implementing information flow enforcement policy - Configuration screenshots of boundary protection devices..." current
02:1702:17, 30 April 2025 diff hist +2,287 N LLMResponse AC.L2-3.1.3.d Created page with "Ranking Evidence Types for CUI Flow Authorizations For assessment objective [d] "authorizations for controlling the flow of CUI are defined," here's my ranking of evidence types based on the CMMC assessment objects: == Evidence Type Ranking == 1. **Documentation (Highest Priority)** - List of information flow authorizations - Access control policy sections on authorization requirements - System connection or processing agreements - System security plan se..." current
02:1602:16, 30 April 2025 diff hist +2,382 N LLMResponse AC.L2-3.1.3.c Created page with "Ranking Evidence Types for Designated Sources and Destinations For assessment objective [c] "designated sources and destinations (e.g., networks, individuals, and devices) for CUI within the system and between interconnected systems are identified," here's my ranking of evidence types based on the CMMC assessment objects: == Evidence Type Ranking == 1. **Documentation (Highest Priority)** - Network diagrams showing CUI flow paths - System design documentation id..." current
02:1402:14, 30 April 2025 diff hist +2,127 N LLMResponse AC.L2-3.1.3.b Created page with "Ranking Evidence Types for Methods and Enforcement Mechanisms For assessment objective [b] "methods and enforcement mechanisms for controlling the flow of CUI are defined," here's how I rank the evidence types based on the CMMC assessment objects: == Evidence Type Ranking == 1. **Documentation (High Priority)** - System design documentation showing flow control mechanisms - Configuration settings and associated documentation - Information flow control policie..." current
02:1302:13, 30 April 2025 diff hist +1,938 N LLMResponse AC.L2-3.1.3.a Created page with "Ranking Evidence Types for Information Flow Control Policies For assessment objective [a] "information flow control policies are defined," I'll rank the evidence types from most to least important based on the assessment objects in the CMMC documentation: == Evidence Type Ranking == 1. **Documentation (Highest Priority)** - Access control policy documents - Information flow control policy documentation - System security plan sections on information flow -..." current
02:1102:11, 30 April 2025 diff hist +249 N LLMPrompt AC.L2-3.1.3.e Created page with "For the assessment objective, [e] approved authorizations for controlling the flow of CUI are enforced, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
02:1102:11, 30 April 2025 diff hist +239 N LLMPrompt AC.L2-3.1.3.d Created page with "For the assessment objective, [d] authorizations for controlling the flow of CUI are defined, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
02:1102:11, 30 April 2025 diff hist +335 N LLMPrompt AC.L2-3.1.3.c Created page with "For the assessment objective, [c] designated sources and destinations (e.g., networks, individuals, and devices) for CUI within the system and between interconnected systems are identified, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
02:1002:10, 30 April 2025 diff hist +259 N LLMPrompt AC.L2-3.1.3.b Created page with "For the assessment objective, [b] methods and enforcement mechanisms for controlling the flow of CUI are defined, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
02:1002:10, 30 April 2025 diff hist +226 N LLMPrompt AC.L2-3.1.3.a Created page with "For the assessment objective, [a] information flow control policies are defined, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
02:1002:10, 30 April 2025 diff hist +10,083 N LLMPrompt AC.L2-3.1.3 Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object..." current
01:5701:57, 30 April 2025 diff hist +8 LLMResponse AC.L2-3.1.2.b No edit summary current Tag: Visual edit: Switched
01:5601:56, 30 April 2025 diff hist +2,179 N LLMResponse AC.L2-3.1.2.b Created page with "For assessment objective [b] - determining if "system access is limited to the defined types of transactions and functions for authorized users," I recommend the following prioritization of evidence types and assessment approaches: ### Evidence Types (ranked) 1. **Artifacts** - Highest priority - Access control implementation records - System logs showing access attempts (approved and denied) - Screenshots of permission settings in production systems - Outp..."
01:5601:56, 30 April 2025 diff hist +2,314 N LLMResponse AC.L2-3.1.2.a Created page with "Based on your document, I'll help you prioritize evidence types for assessing objective [a] under the AC.L2-3.1.2 practice "Transaction & Function Control." This objective aims to determine if "the types of transactions and functions that authorized users are permitted to execute are defined." For this specific assessment objective, I recommend prioritizing the evidence types in the following order: 1. **Artifacts** - Highest priority - Documentation defining user r..." current
01:5101:51, 30 April 2025 diff hist +277 N LLMPrompt AC.L2-3.1.2.b Created page with "For the assessment objective, [b] system access is limited to the defined types of transactions and functions for authorized users, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
01:5001:50, 30 April 2025 diff hist +279 N LLMPrompt AC.L2-3.1.2.a Created page with "For the assessment objective, [a] the types of transactions and functions that authorized users are permitted to execute are defined, rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current
01:5001:50, 30 April 2025 diff hist +6,124 N LLMPrompt AC.L2-3.1.2 Created page with "I am a cybersecurity manager working for an organization that is a DoD contractor. I need to implement various security practices that conform to DoD's CMMC program at level 2. The CMMC program stipulates security practices that are based on NIST Special Publication 800-171 R2. For each security practice of CMMC Level 2, I need to show evidence that my organization is in compliance with CMMC. Each security practice has a security requirement and several assessment object..." current

21:5921:59, 13 April 2025 diff hist −1 Practice IA.L2-3.5.3 Details →Potential Assessment Considerations current
21:5421:54, 13 April 2025 diff hist +1 Practice RA.L2-3.11.2 Details →FURTHER DISCUSSION current
21:5421:54, 13 April 2025 diff hist +1 Practice RA.L2-3.11.3 Details →FURTHER DISCUSSION current
21:1721:17, 13 April 2025 diff hist −2 Practice RA.L2-3.11.1 Details →FURTHER DISCUSSION current
20:5220:52, 13 April 2025 diff hist −1 Practice IA.L2-3.5.5 Details →FURTHER DISCUSSION current
20:2920:29, 13 April 2025 diff hist 0 Practice AT.L2-3.2.1 Details →FURTHER DISCUSSION current
20:0720:07, 13 April 2025 diff hist −1 Practice AC.L2-3.1.3 Details →FURTHER DISCUSSION current

21:2421:24, 12 April 2025 diff hist +2 MediaWiki:Sidebar No edit summary current

16:0016:00, 11 April 2025 diff hist −24 Level 2 Assessment Guide →MP.L2-3.8.8 – Shared Media

03:0203:02, 7 April 2025 diff hist +2,899 N LLMResponse MP.L2-3.8.4.b Created page with "To effectively assess whether "media containing Controlled Unclassified Information (CUI) is marked with distribution limitations" under your organization’s media marking practices, it's crucial to understand which evidence types are supported by different assessment objects and how to sequence these assessments. == Evidence Types Supported by Assessment Objects == 1. **Examine:** - **Assessment Objectives:** System security plan; system media protection policy...." current
03:0103:01, 7 April 2025 diff hist +3,268 N LLMResponse MP.L2-3.8.4.a Created page with "To effectively assess whether "media containing CUI is marked with applicable CUI markings" under MP.L2-3.8.4 within your organization's media marking practices for Controlled Unclassified Information (CUI), it’s essential to use a strategic approach that involves selecting appropriate assessment objects, evidence types, and prioritizing assessment methods. == Evidence Types Supported by Assessment Objects == 1. **Examine:** - **Assessment Objectives:** System med..." current
02:5902:59, 7 April 2025 diff hist +242 N LLMPrompt MP.L2-3.8.4.b Created page with "For the assessment objective "[b] media containing CUI is marked with distribution limitations," rank the evidence types supported by assessment objects. Also, how should I prioritize the three assessment approaches in obtaining the evidence?" current

User contributions for David

28 September 2025

11 September 2025

16 August 2025

11 June 2025

28 May 2025

27 May 2025

21 May 2025

14 May 2025

13 May 2025

10 May 2025

30 April 2025

13 April 2025

12 April 2025

11 April 2025

7 April 2025

Navigation menu

Search