CMMC Assessment: A Framework for Success

The Three Key Phases of Assessment


An assessment is not just a single meeting; it is a long process:




1. Planning & Preparation


In this phase, you finalize your **System Security Plan (SSP)**. Before the assessment, you should make sure that no POAM (Plan of Action and Milestones) is open, because Level 2 certification requires all 110 controls to be active.





2. On-Site / Remote Conduct


Certified Assessors audit your organization. They focus on three things:



  • Examination: Review of policies, logs, and configuration settings.

  • Interviews: Questions and answers with IT admins and employees.

  • Testing: Verification of physical and technical controls (e.g. badge access, firewall rules).







3. Final Reporting


The assessors submit their report to **Cyber AB**. If your score is 110/110, you receive certification for 3 years. If there are some deficiencies, you are given a limited time to fix them.




Assessment Readiness Checklist

| Artifact Name | Description | Importance |
|---|---|---|
| System Security Plan (SSP) | The blueprint of your security. | Extreme |
| Training Logs | Proof of staff cybersecurity awareness. | High |
| Incident Response Plan | Action plan in the event of an attack. | High |
| Network Diagram | Explanation of data flows and boundaries. | Medium |


Tips for Success in the Assessment


Assessors believe in a "Show Me" approach. Therefore:



  1. Evidence is Everything: Keep at least two pieces of evidence (artifacts) ready for every control.

  2. Mock Assessment: Before the actual assessment, be sure to have a consultant perform a "Gap Analysis" or "Mock Audit".

  3. Know Your Boundaries: Tell the assessor clearly where your CUI is stored so that they do not audit unnecessary systems.


