![\"\"](\"https://cdn.uploads.micro.blog/29546/2026/your-paragraph-text2.png\")
MAM versus MDM: Data and Device Protections ![\"\"](\"https://micro.blog/photos/50/https://cdn.uploads.micro.blog/29546/2026/mdmvsmam.jpg\")
: drmacscybersecuritybrief.com
Big Announcement
\n\nThe DIB CS Program is OPEN for new companies. The outreach and onboarding functions have transitioned to DC3.
\n\nDIB Companies, with or without an FCL, working with CUI, can apply at DC3.DIB.CSRegistration@us.af.mil
\n","summary":"","url":"https://www.drmacscybersecuritybrief.com/2026/02/26/big-announcement-the-dib-cs.html","date_published":"2026-02-26T15:34:43+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2026-02-26 15:34","date_timestamp":1772120083,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"85071349","content_html":"CyberDI's Customizable CMMC and Export Control Curriculum: drmacscybersecuritybrief.com
","summary":"","url":"https://www.drmacscybersecuritybrief.com/2026/02/26/cyberdis-customizable-cmmc-and-export.html","date_published":"2026-02-26T14:10:56+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2026-02-26 14:10","date_timestamp":1772115056,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":true,"is_mention":false,"note":"","syndication":[]}},{"id":"85069476","content_html":"CMMC Tool Sets: drmacscybersecuritybrief.com
","summary":"","url":"https://www.drmacscybersecuritybrief.com/2026/02/26/083004.html","date_published":"2026-02-26T13:30:04+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2026-02-26 13:30","date_timestamp":1772112604,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":true,"is_mention":false,"note":"","syndication":[]}},{"id":"82763457","content_html":"@manton I am very excited about this. I like blogging on micro.blog.
\n","url":"https://micro.blog/DoctorMac/82763457","date_published":"2026-01-24T14:02:27+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2026-01-24 14:02","date_timestamp":1769263347,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"82693408","content_html":"CMMC, Backups, and FedRAMP: drmacscybersecuritybrief.com
","summary":"","url":"https://www.drmacscybersecuritybrief.com/2026/01/23/cmmc-backups-and-fedramp.html","date_published":"2026-01-23T14:30:39+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2026-01-23 14:30","date_timestamp":1769178639,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":true,"is_mention":false,"note":"","syndication":[]}},{"id":"78110297","content_html":"AI For Security S ecurity For AI
\n\nA good intro to the risks, challenges, and opportunities
\n","summary":"","url":"https://www.drmacscybersecuritybrief.com/2025/11/16/ai-for-security-s-ecurity.html","date_published":"2025-11-16T18:07:22+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2025-11-16 18:07","date_timestamp":1763316442,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"77824149","content_html":"Many people are confused by the Cross tenant collaboration and the new Microsoft UX:
\n\ngcch-m365-webinar-connect-collaborate-create-june-2025-complete.pdf
\n\n![\"\"](\"https://cdn.uploads.micro.blog/29546/2025/screenshot-2025-11-12-at-10.50.24am.png\")
\n\n\nYou know what’s “worse” and more corrupt than pardoning your family members? Pardoning your criminal coconspirators. That’s what Trump did.
\n
– Elie Mystal in The Nation making the obvious and strong defense of Biden’s pardon.
\n","summary":"","url":"https://www.drmacscybersecuritybrief.com/2024/12/07/you-know-whats.html","date_published":"2024-12-07T22:16:06+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-12-07 22:16","date_timestamp":1733609766,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"49997445","content_html":"Adding sensitivity labels to SharePoint: learn.microsoft.com/en-us/pur…
\n\nunlabeled filed continue to be protected with current SharePoint permissions for the user, even though the files have left original SharePoint boundary
\n\nCOOL!
\n","summary":"","url":"https://www.drmacscybersecuritybrief.com/2024/11/19/adding-sensitivity-labels.html","date_published":"2024-11-19T20:04:28+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-11-19 20:04","date_timestamp":1732046668,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"49914431","content_html":"Adding cross posting to Blue Sky
\n\n![\"\"](\"https://cdn.uploads.micro.blog/29546/2024/b91f7feed1.png\")
As always, better cybersecurity is better business
\nYou need to be be aware
\nGood backups save all the bucks
\n![\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2Funtitled-design.png\")
\n","url":"https://micro.blog/DoctorMac/49781664","date_published":"2024-11-16T13:26:46+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-11-16 13:26","date_timestamp":1731763606,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"49781626","content_html":"Almost all cybersecurity frameworks and government regulations require small businesses to periodically test your backup recovery systems.
\nYou need to make sure you can test processes and cloud solutions while training employees
\nYou need to run practice exercises
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2F2.png\")
\nImprove
\n","url":"https://micro.blog/DoctorMac/49781626","date_published":"2024-11-16T13:25:36+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-11-16 13:25","date_timestamp":1731763536,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"49781540","content_html":"Small business owners often overlook on area of risk that allows attackers a chance to get your data.
\nYour backup policy needs to spell out how long copies get kept and the proper way to destroy sensitive data
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2Fdestroycui-1.png\")
\n","url":"https://micro.blog/DoctorMac/49781540","date_published":"2024-11-16T13:23:54+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-11-16 13:23","date_timestamp":1731763434,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"49781359","content_html":"Once you have policy and procedures in place you should deploy the backup system
\nMeans protecting backups
\nIt is at this stage where most bad guys break into your stuff and screw it all up.
\nYou need protect the backup system at all times and most involve shared responsibility
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2F1.png\")
\n","url":"https://micro.blog/DoctorMac/49781359","date_published":"2024-11-16T13:19:27+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-11-16 13:19","date_timestamp":1731763167,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"49781274","content_html":"For almost every small business you will land on a cloud backup solution.
\nThese do not come without risk. You need to document in your system security plan how you mitigate these risks
\nEncryption, MFA, and Least Privileged
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2Fcloud-back-up-vendors-1.png\")
\n","url":"https://micro.blog/DoctorMac/49781274","date_published":"2024-11-16T13:17:43+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-11-16 13:17","date_timestamp":1731763063,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"49781184","content_html":"Chances are your Managed Service Provide or IT shop handles much of your backup, but you are responsible for the risk
\nDecisions belong to you. As you decide on the media types you need to understand the risk associated with the storage solution and shared responsibilities.
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2Fbackupmediatypes-2.png\")
\n","url":"https://micro.blog/DoctorMac/49781184","date_published":"2024-11-16T13:15:36+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-11-16 13:15","date_timestamp":1731762936,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"49780967","content_html":"As you craft policies and procedures think about a 3-2-1 Backup strategy for your sensitive files
\nYou want three copies
\nYou want two different media types
\nYou want one off-site copy of anything needed for emergency restoration
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2F3-2-1-note-taking-english-worksheet-blue-scaffold-table-2.png\")
\n","url":"https://micro.blog/DoctorMac/49780967","date_published":"2024-11-16T13:10:47+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-11-16 13:10","date_timestamp":1731762647,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"49780905","content_html":"Start now
\nYou need to identify the important files you handle and evaluate the common risks to those assets
\nKnow how the data moves, and decide how long you can be down, and how far backups need to go.
\nThen develop procedures to make sure the plan is done and tested
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2Fminimal-and-elegant-goals-action-plan-template-1.png\")
\n","url":"https://micro.blog/DoctorMac/49780905","date_published":"2024-11-16T13:09:14+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-11-16 13:09","date_timestamp":1731762554,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"49780840","content_html":"All of this should be documented in your backup recovery plan.
\nJust choosing a vendor is not enough. Your back up and recovery plan should cover these eight elements
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2Fpastel-action-plan-pinterest-pin-3.png\")
\n","url":"https://micro.blog/DoctorMac/49780840","date_published":"2024-11-16T13:07:40+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-11-16 13:07","date_timestamp":1731762460,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"49780746","content_html":"And if your business is considered critical infrastructure
\nor if you want your insurance to be worth the money you pay.
\nYou need good backups, by demand of law and lawyers
\nAnd it means more than just hiring a Cloud Company.
\nYou need to plan
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2Fscreenshot-2024-11-15-at-10.39.30-am.png\")
People keep asking, “What they can do?”
\n\nHow can they help
\n\nIf you are a small business owner one of the best things you can do is make sure you have a good backup and recovery plan
\n\nGood back ups are the Victory Gardens of the 21st Century
\n\n![\"\"](\"https://cdn.uploads.micro.blog/29546/2024/vintage-beer-factory-label-circle-sticker-1.png\")
This is like some weird SEO album name thing… and it totally works.
\n\n![An Apple Music screenshot for a new music release titled \"Sleeping Ghibli Autumn Music Box Premium BEST.\" The background features a forest scene with autumn foliage and sunlight streaming through the trees.](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fjson.blog%2Fuploads%2F2024%2F763970d6-9117-4e1e-af72-395b4027fb1c.jpg\")
Under the new ZTA guidelines established by OMB M-22-09: Agencies must use strong MFA throughout their enterprise.
\nThis means all agency staff, contractors, and partners use phishing-resistant MFA for privileged access and soon, all access.
For public users, phishing-resistant MFA must be an option. Meaning signing into a government website to do your taxes
\nFor most of your basic insurance needs, not including your sensitive data, any MFA will probably suffice
\n\n","url":"https://micro.blog/DoctorMac/43134090","date_published":"2024-08-08T14:18:53+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-08-08 14:18","date_timestamp":1723126733,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"43133778","content_html":"The US Government has required MFA for decades
\nExecutive Order 13681 back in 2014 “Improving the Security of Consumer Financial Transactions” made MFA
\nrequired for access to digital applications containing personal information.
NIST published SP 800-63-3 in 2017 and MFA was required to access to any personal information. They recommend phishing resistant MFA and require it for the most sensitive data.
\nIn 2021 EO 14028 “Improving the Nation’s Cybersecurity” required All US government agencies
\nrequired to implement MFA.
Then in 2022 we moved to a ZTA philosophy OMB M-22-09 and MFA now required throughout the federal enterprise.
\nBut now insurance demands it, so you need it too.
\n","url":"https://micro.blog/DoctorMac/43133778","date_published":"2024-08-08T14:14:26+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-08-08 14:14","date_timestamp":1723126466,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"43133518","content_html":"Stronger MFA relies on asymmetric key cryptography. This protects from phishing attacks.
\nIn fact in NIST- SP-800-63-3 NIST sets requirements to cryptographic authenticators such as PIV/CAC, FIDO U2F authenticators, or FIDO2/WebAuthN.
\nThose are fancy two dollar words to mean a different channel for your authentication mechanism that is always encrypted.
\nPeople can’t social engineer the encrypted token because the user don’t know it
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2021%2F376e26bca4.png\")
\n","url":"https://micro.blog/DoctorMac/43133518","date_published":"2024-08-08T14:09:11+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-08-08 14:09","date_timestamp":1723126151,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"43133234","content_html":"Not all MFA is Equal
\nYes Multifactor Authentication always provides greater protection than simple a username and a password but the mechanisms exist on a scale.
\nFor most small businesses enabling MFA will be enough. Others who handle sensitive data maybe required to use more stringent MFA that is resistant to Phishing attacks
\nTake phone calls are SMS messages. These are vulnerable to hacking and aren’t allowed on Federal systems. My university, on less secure data, allows SMS authentication
\nThese are called shared secrets, like one time passwords, and they are vulnerable to phishing
\n","url":"https://micro.blog/DoctorMac/43133234","date_published":"2024-08-08T14:04:09+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-08-08 14:04","date_timestamp":1723125849,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"43132104","content_html":"In order for you to meet the MFA requirements of your Insurance Company you can’t just enable MFA in Microsoft or Google.
\nYou need to identify system users, you need to what processes access your system, and what devices connect to your system.
\nLike all things cyber this begins with Good Governance.
\nYou should have an identification and authentication policy. You should have an HR guide that lists the procedures used to add or remove users from your company. Your employee handbook should cover the password policy, and your training needs to cover MFA.
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2023%2Ff5f4c46bbc.png\")
\n","url":"https://micro.blog/DoctorMac/43132104","date_published":"2024-08-08T13:47:29+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-08-08 13:47","date_timestamp":1723124849,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"43131723","content_html":"No single factor is ideal for authentication. Multifactor authentication to a system uses two or more of the mechanisms.
\nIdeally you want them in different channels. For example you enter a username and password in one channel, but then a token is created in your authentication app on your phone.
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2Fpurple-prepositions-circle-sticker.png\")
\n","url":"https://micro.blog/DoctorMac/43131723","date_published":"2024-08-08T13:40:52+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-08-08 13:40","date_timestamp":1723124452,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"43131479","content_html":"Most of us have gone our whole lives using passwords as authentication. but we have four mechanisms commonly used to prove a user’s identity.
\n-Something you know like a password
\n-Something you possess. Like your ATM or MAC (for my Philly friends)
\n-Something you are. Like a finger print
\nSomething you do. Like a voice print when you say, “ My Voice Is My Passport Verify Me”
Multi-factor just means more than one
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2Fgreen-watercolor-leaf-on-light-yellow-background-square-pillow.png\")
\n","url":"https://micro.blog/DoctorMac/43131479","date_published":"2024-08-08T13:36:21+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-08-08 13:36","date_timestamp":1723124181,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"43131150","content_html":"MFA, or multi-factor authentication, gets used in the process of how you identify users, their authorization levels, and then authenticate the users identity.
\nAuthentication means proving a user’s identity.
\n![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fwww.drmacscybersecuritybrief.com%2Fuploads%2F2024%2Fcopy-of-green-simple-healthy-meals-thank-you-circle-sticker1.png\")
\n","url":"https://micro.blog/DoctorMac/43131150","date_published":"2024-08-08T13:30:35+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2024-08-08 13:30","date_timestamp":1723123835,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"43130792","content_html":"Many companies are now hearing more and more about Multi-Factor Authentication. In fact for most small businesses you can no longer get insurance, let alone cyber coverage, without ensuring MFA gets used for all sensitive data.
\n\nReally if you can turn on Multi-Factor Authentication. You should
\n\n![\"MFA\"](\"https://cdn.uploads.micro.blog/29546/2022/18635e877f.png\")
@jean This!!
\n","url":"https://micro.blog/DoctorMac/14449300","date_published":"2022-11-28T18:41:00+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-11-28 18:41","date_timestamp":1669660860,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"14446160","content_html":"Certified CMMC Assessor: Spinning the Wheels of Trust in Much Bigger Systems ![](\"https://micro.blog/photos/50/https://www.drmacscybersecuritybrief.com/uploads/2022/4cf58d7db4.jpg\")
: drmacscybersecuritybrief.com
Hanging at Converge Security and learning about Conway’s Law at the Keynote addresds
\n","summary":"","url":"https://www.drmacscybersecuritybrief.com/2022/09/29/hanging-at-converge.html","date_published":"2022-09-29T16:47:21+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-09-29 16:47","date_timestamp":1664470041,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"13165991","content_html":"@aaronpk this was my version: www.drmacscybersecuritybrief.com/uploads/2…
\n","url":"https://micro.blog/DoctorMac/13165991","date_published":"2022-07-20T01:18:15+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-07-20 01:18","date_timestamp":1658279895,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"13165986","content_html":"@manton micropub for migration….been a dream
\n","url":"https://micro.blog/DoctorMac/13165986","date_published":"2022-07-20T01:15:18+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-07-20 01:15","date_timestamp":1658279718,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"13165514","content_html":"Developing a Rubric to Assess Policies and Procedures for CMMC Compliance: drmacscybersecuritybrief.com
","summary":"","url":"https://www.drmacscybersecuritybrief.com/2022/07/19/developing-a-rubric.html","date_published":"2022-07-19T22:24:11+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-07-19 22:24","date_timestamp":1658269451,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":true,"is_mention":false,"note":"","syndication":[]}},{"id":"13131418","content_html":"Can you Engineer Culture in your Systems? drmacscybersecuritybrief.com
","summary":"","url":"https://www.drmacscybersecuritybrief.com/2022/07/11/can-you-engineer.html","date_published":"2022-07-11T13:43:33+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-07-11 13:43","date_timestamp":1657547013,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":true,"is_mention":false,"note":"","syndication":[]}},{"id":"12859278","content_html":"Guide to Microsoft's Security and Compliance Rebranding ![](\"https://micro.blog/photos/50/https://www.drmacscybersecuritybrief.com/uploads/2022/8f5ae1f72d.jpg\")
: drmacscybersecuritybrief.com
Matt Titcombe on the Compliance Trap from the Department of Defense.
\n","summary":"","url":"https://www.drmacscybersecuritybrief.com/2022/05/09/matt-titcombe-on.html","date_published":"2022-05-09T20:20:00+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-05-09 20:20","date_timestamp":1652127600,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"12849499","content_html":"Amira Armond on how inheritance and CMMC works.
\n","summary":"","url":"https://www.drmacscybersecuritybrief.com/2022/05/09/amira-armond-on.html","date_published":"2022-05-09T19:59:00+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-05-09 19:59","date_timestamp":1652126340,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"12848597","content_html":"Excited for Kyle Lai’s talk on ISO 2700. This is why I came.
\n","summary":"","url":"https://www.drmacscybersecuritybrief.com/2022/05/09/excited-for-kyle.html","date_published":"2022-05-09T16:17:00+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-05-09 16:17","date_timestamp":1652113020,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"12848540","content_html":"Good discussion on the difference between the word specified, identified, and defined.
\n","url":"https://micro.blog/DoctorMac/12848540","date_published":"2022-05-09T16:00:40+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-05-09 16:00","date_timestamp":1652112040,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"12848511","content_html":"Then goes into software permission using a deny list and an allow list. They use the brdige approach with a permit by exception.
\n","url":"https://micro.blog/DoctorMac/12848511","date_published":"2022-05-09T15:52:54+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-05-09 15:52","date_timestamp":1652111574,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"12848508","content_html":"Auditing and MFA were the hardest part for Kratos to implement
\n","url":"https://micro.blog/DoctorMac/12848508","date_published":"2022-05-09T15:52:02+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-05-09 15:52","date_timestamp":1652111522,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"12848502","content_html":"Cole French a C3PAO on preparing for CMMC.
\n","summary":"","url":"https://www.drmacscybersecuritybrief.com/2022/05/09/cole-french-a.html","date_published":"2022-05-09T15:50:00+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-05-09 15:50","date_timestamp":1652111400,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"12848451","content_html":"Victoria Pillitteri of NIST on future of 171
\n","summary":"","url":"https://www.drmacscybersecuritybrief.com/2022/05/09/victoria-pillitteri-of.html","date_published":"2022-05-09T15:35:00+00:00","author":{"name":"J. Gregory McVerry","url":"http://drmacscybersecuritybrief.com","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmicro.blog%2FDoctorMac%2Favatar.jpg","_microblog":{"username":"DoctorMac"}},"_microblog":{"date_relative":"2022-05-09 15:35","date_timestamp":1652110500,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}}]}![www.drmacscybersecuritybrief.com/uploads/2…](\"https://www.drmacscybersecuritybrief.com/uploads/2022/ff73583364.png\"){kind=link}