First Draft of our Certified Assessor Objectives

Updated: Sep 22

In my last post I discussed our strategy of leaving behind a world of NDAs and working openly in our efforts as a Licensed CMMC-AB Publishing Partner.


We all have the same goal: Keep America's data safe. Every assessor will complete the same certification exam. So doesn't working together make the most sense?


So we promised to adopt open practices and to openly license our Certified Professional and Certified Assessor objectives.


While we will conduct a rigorous content validity study, we welcome feedback on these drafts. Just drop a comment or an email.


We have also given our objectives a CC-BY-SA license, so feel free to use them in any cybersecurity course or training. Just make sure to give us credit and to give any derivative work the same license.


Overview and Intro


Define FCI

Define CUI

Compare FCI and CUI

Explain importance of protecting FCI and CUI

Describe controls to protect FCI


Assessment Methodologies


Define four phases of assessment methodology

Identify conditions necessary for assessment

Compare remediation approaches

Evaluate an assessment plan

Write an evaluation plan


Identification and Authentication


Define discretionary, mandatory, attribute-based, and role-based access control

Evaluate access control policies

Compare access control strategies

Evaluate threats to multi-factor authentication, including two-factor vs. three-factor authentication

Construct a token-based authentication solution

Develop a trust path to support internetwork authentication and authorization

Manage authorization, proofing, provisioning, and maintenance across user life cycle


Media Protection

Describe strategies to sanitize media of Federal Contract Information


Physical Protection

Role-play visitor access scenario

Compare audit logs to reveal physical access threats

Evaluate plans to limit physical access

Appraise visitor device access policies


System and Communications Protection

Define and compare external and internal boundaries

Develop a plan to monitor, control, and protect organizational communications

Identify components of a subnetwork to release publicly available information

Describe the threats posed by, and the protections provided by, gateways, routers, firewalls, and guards

Complete network-based malicious code analysis

Utilize virtualization systems for threat analysis

Evaluate strategies to physically or logically separate data and assets


System and Information Integrity


Identify flaws in information integrity during role play scenarios

Develop a patch management plan for a fictional system

Define zero-day vulnerability

Utilize code and vulnerability scans to identify threats



©2020 by Cyber Data Intelligence