November 17, 2022

Are you CCRI ready?

by Sean Deveci

Nobody likes getting audited or inspected. Well, almost nobody; there’s always one person who consistently blows the curve. They gleefully anticipate inspections because they know they’re going to get a glowing review. We all have names for that person, most of which shouldn’t be included in a business blog.

But what if, (bear with me) we could be that person? A leader who faces the inspection knowing that while they may find something that you could improve, you're dialed in, and everything is as it should be. That sounds like a lot more fun than the anxiety and stress that is more commonly associated with audits.

Cyber Command Readiness Inspections (CCRI) are DISA mandated and designed to ensure the security of all networks connected to the DOD information network. Inspectors will examine every part of your network looking for security posture awareness, standards compliance, vulnerabilities, and an agency’s ability to protect against cyber threats.

The inspection process is rigorous and methodical. The network itself is inspected as is your documentation. The good news is that the standards are published. It’s like getting the test questions before the exam. Inspectors will evaluate compliance using published guidelines, including:

  • Security Requirements Guides (SRGs)
  • Security Technical Information Guides (STIG)
  • USCYBERCOM warnings and tactical directives/orders
  • Communications Tasking Orders (CTO)

So now that you know the questions - it’s a “simple” matter of finding the answers. This requires evaluating the network for compliance against thousands of specifications. In this context, having the questions before the test doesn’t make matters any easier. Trying to verify compliance, produce accurate documentation, and have the right culture and processes in place takes many agencies months of intensive manual efforts. Even then, they aren’t 100% confident they’ll pass inspection because networks are constantly changing, which could take them out of compliance. And manual documentation is out of date the moment it’s completed.

Instead of investing thousands of work-hours, there is a better way. A network digital twin can help index every aspect of your network, including topology, device configuration, and state across your multi-vendor, multi-cloud environment. This information is validated at regular intervals so it’s always up to date.

Custom checks can detect non-compliance and pinpoint necessary remediation efforts. And results are mathematically accurate.

If you’d like to learn more about how this works, read our white paper, Use a Digital Twin For Impeccable Cyber Command Readiness Inspections.

If you’d like to see Forward Enterprise in action, book a 1:1 consultation on using a digital twin to ensure CCRI readiness.

Subscribe to our blog!

RELATED FORWARD CONTENT 
November 10, 2022
Why You Should Care About Vendor Hack Weeks

Hack weeks and hack-a-thons are like foosball tables; if you don’t have them, are you even a tech company? These events, once revered for innovation, are now relegated to being blasé and often perceived as little more than playtime for engineers. As someone who’s worked in tech for longer than I care to admit, I […]

Read More
October 13, 2022
How do you know a software rep is lying?

A customer posed this question to me recently; after pausing and smiling (a little too) broadly, he continued, “Their lips are moving.” I thought this would be funnier if it weren’t partly true. The software industry has over-promised and under-delivered for years, making technical executives rightfully skeptical when they hear a new promise. Unfortunately, it’s […]

Read More
September 20, 2022
When is a Digital Twin Entertaining?

When it’s ensuring that tens of thousands of visitors have the best experience possible every single day. Keeping people entertained is a 24/7 endeavor, even the smallest hiccup results in a social media firestorm. Keeping things running requires thousands of dedicated employees and a staggeringly complex network that sprawls the area of a major city […]

Read More

Sign up for our newsletter

crossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram