NordLayer – The importance of multi-factor authentication for remote access 3.5 3.5.2 3.5.3 3.7 3.7.5 Identification and Authentication Maintenance
This blog post describes why multifactor authentication (MFA) is important for remote access.
SEARCH RESULTS
NSA – Media Destruction Guidance 3.7 3.7.3 3.8 3.8.3 Maintenance Media Protection
NSA's Center for Storage Device Sanitization Research (CSDSR) guides the sanitization of information system (IS) storage devices. Resources for a vendor of storage device sanitization, the NSA Evaluated Products Lists (EPLs), and contact information for the Center for Storage Device Sanitization Research are provided on this page.
RedHat – Using USBGuard 3.1 3.1.21 3.7 3.7.4 3.8 3.8.5 3.8.6 3.8.7 3.8.8 Access Control Maintenance Media Protection
The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes.
SANS – Removable Media Policy 3.1 3.1.21 3.7 3.7.4 3.8 3.8.5 3.8.6 3.8.7 3.8.8 Access Control Maintenance Media Protection
This sample policy provided by SANS discusses removable media.
SANS – Technology Equipment Disposal Policy 3.7 3.7.3 3.8 3.8.3 Maintenance Media Protection
This is a equipment disposal policy created by SANS that can be freely used.
Stanford – Data Sanitization 3.7 3.7.3 3.8 3.8.3 Maintenance Media Protection
This is Stanford University’s policy for data sanitization.
State of Georgia – System Maintenance Policy 3.5 3.5.2 3.5.3 3.7 3.7.5 Identification and Authentication Maintenance
This example policy from the State of Georgia provides a starting point for system maintenance.
US-CERT – The Risk of Using Portable Devices 3.1 3.1.21 3.7 3.7.4 3.8 3.8.5 3.8.6 3.8.7 3.8.8 Access Control Maintenance Media Protection
This paper focuses on the risks associated with simple media devices and smart media devices.
Western University – Current Recommended Practices for Destroying Data and/or Data Devices 3.7 3.7.3 3.8 3.8.3 Maintenance Media Protection
This is Western University’s recommended practices for destroying data and/or data devices.
YouTube – CMMC 2.0 Control MA L2-3.7.2 – Provide controls on the tools, techniques, mechanisms, and personnel 3.7 3.7.1 3.7.2 Maintenance
In this video, Mike breaks down CMMC 2.0 Control MA L2-3.7.2. You need written procedures, you need documentation on your process for allowing access to your systems, you are going to have to justify every step of how you run your system on paper through written procedure and that includes your IT team and who gets access to what and how they get that access.