November 17, 2022

Are you CCRI ready?

by Sean Deveci

Nobody likes getting audited or inspected. Well, almost nobody; there’s always one person who consistently blows the curve. They gleefully anticipate inspections because they know they’re going to get a glowing review. We all have names for that person, most of which shouldn’t be included in a business blog.

But what if, (bear with me) we could be that person? A leader who faces the inspection knowing that while they may find something that you could improve, you're dialed in, and everything is as it should be. That sounds like a lot more fun than the anxiety and stress that is more commonly associated with audits.

Cyber Command Readiness Inspections (CCRI) are DISA mandated and designed to ensure the security of all networks connected to the DOD information network. Inspectors will examine every part of your network looking for security posture awareness, standards compliance, vulnerabilities, and an agency’s ability to protect against cyber threats.

The inspection process is rigorous and methodical. The network itself is inspected as is your documentation. The good news is that the standards are published. It’s like getting the test questions before the exam. Inspectors will evaluate compliance using published guidelines, including:

  • Security Requirements Guides (SRGs)
  • Security Technical Information Guides (STIG)
  • USCYBERCOM warnings and tactical directives/orders
  • Communications Tasking Orders (CTO)

So now that you know the questions - it’s a “simple” matter of finding the answers. This requires evaluating the network for compliance against thousands of specifications. In this context, having the questions before the test doesn’t make matters any easier. Trying to verify compliance, produce accurate documentation, and have the right culture and processes in place takes many agencies months of intensive manual efforts. Even then, they aren’t 100% confident they’ll pass inspection because networks are constantly changing, which could take them out of compliance. And manual documentation is out of date the moment it’s completed.

Instead of investing thousands of work-hours, there is a better way. A network digital twin can help index every aspect of your network, including topology, device configuration, and state across your multi-vendor, multi-cloud environment. This information is validated at regular intervals so it’s always up to date.

Custom checks can detect non-compliance and pinpoint necessary remediation efforts. And results are mathematically accurate.

If you’d like to learn more about how this works, read our white paper, Use a Digital Twin For Impeccable Cyber Command Readiness Inspections.

If you’d like to see Forward Enterprise in action, book a 1:1 consultation on using a digital twin to ensure CCRI readiness.

Subscribe to our blog!

RELATED FORWARD CONTENT 
September 13, 2023
A Financial Services Company Saved “7 Figures” By Improving Network Inventory Management

Everyone knows inventory management is important – but so are the 100+ other things we need to do, and let’s face it, the inventory is not on fire. Given the benefits one customer experienced, maybe it should be.   On September 14, at 2:00pm Eastern time, we’re hosting a webinar, featuring special guests, Michael Wynston, Director of Network Architecture and […]

Read More
September 7, 2023
What’s worse than a toothache?

For me, I’d have to say it’s sitting through a high-pressure demo with a sales guy who needs to close business. Given the choice, I’ll take the dentist office visit anytime, at least they give you meds! We realize that sales demos aren’t always pleasant. And while we strive to create a comfortable environment for […]

Read More
August 23, 2023
How do you Monitor and Manage a Network Without Borders?

There are only two options for managing a global multi-cloud network: either by using a combination of inference, hope, and intuition or with mathematical certainty. When conducting 5 million financial transactions daily, it’s essential to operate with certainty, regardless of your network’s size or geographical distribution. Auditors don’t accept inferences; they demand certainty when determining […]

Read More
crossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram