Get Ready for Your CCRI
During COVID, Command Cyber Readiness Inspections (CCRIs) were put on hold. Now they are back and, all around the DoD, departments and agencies are preparing for their audits.
The CCRI doesn’t just address digital security, it also covers the physical security of the workplace and human actions that can impact security. Here’s a brief overview of what to expect.
Get your systems in compliance.
Two of the most challenging parts of a CCRI inspection are evaluating your environment for vulnerabilities and bringing your environment into STIG compliance. Depending on how mature your compliance program is, this can either go quickly or takes months.
It can be overwhelming to maintain readiness both physically and through secure systems configurations. Automation can help with the latter. A tool like SteelCloud’s ConfigOS can automate the scanning, remediation and reporting you’ll need to accomplish for your CCRI.
Though automation helps establish CCRI readiness, its bigger mission is to be working every day to ensure ongoing STIG compliance with very little effort. In fact, ConfigOS removes 90% of the effort it takes to achieve compliance and 70% of the effort it takes to maintain it.
Make your posture your purpose.
While a CCRI will inspect your systems and their vulnerabilities—not to mention your people— it’s really not about any one specific thing. It’s about how all the million little things come together to form an overall attitude and culture of security.
The DoD wants to assess how serious you are about security and how conscientious your people are. They need to know you’re protecting CUI as well as you are protecting more sensitive data. They want to know you’re aligned with the overall mission of the DoD when it comes to cybersecurity. If you take a strong stance about security, you’ll see less of the CCRI in coming years. So getting everything buttoned up—and keeping it that way—is paramount.
CCRI is coming soon to an office near you.
Unless you are in the midst of inspection now, it has been at least three years since you’ve had a CCRI. Possibly five or six years. It is a lot of work and this first post-COVID inspection could be harder than ever because of the amount of time that has passed.
Automation can help by indexing every aspect of your network, detecting areas of non-compliance, and pinpointing necessary remediation efforts. Even if you have already begun those tasks, automation can make the process faster and easier than ever before.
To explore automating your CCRI readiness processes and to make every day more secure—contact SteelCloud today.
Leave a comment