Welcome to NUDG Systems. This guide is meant to give you a brief overview of how we recommend starting your journey on cyber security compliance.
While there's no right order to manage things, setting up the foundation correctly at the beginning can save you future headaches as you dive into the family policies.
Before getting started, it's important to note that you should NEVER store passwords, CUI data, or sensitive information (firewall secret keys/passphrases or encryption keys) inside a cloud-based system. NUDG is a living document tracking system to keep your security compliance clean, organized, and easy to reference. It is not a password keeper, and per CMMC and NIST requirements, CUI data especially needs to be controlled and kept offline as much as possible.
Navigation Menu
We'll start with the navigation menu. In order you have the following:
Dashboard - Your main starting point to track progress and tasks
Family Policies - The "guts" of the system, containing all the families and identifiers
Company Information - This is where you can add your own company details, as well as related companies
Inventories - Your inventory system and firewall ports and protocols
User, Groups, & Roles - Users, Groups, and Role Mapping
Reports - The main reporting functions
Partners - Vendors and Suppliers
Resources - Incident response reporting, and where to store generic templates such as AUP (Acceptable Usage Policy) or any supporting documents you need to track, such as cyber security training
Tasks - Events and Tasks
Gap Assessments - Full gap assessment (the GAP Assessment is also broken down in the Identifier Quadrant, sorted to its appropriate card)
CMMC - The CMMC levels pulled out and sorted to their appropriate levels. Changes here will make changes to the appropriate family cards as well.
NIST - NIST Controls and NIST NFOs, pulled out and sorted. Changes here will make changes to the appropriate family cards as well.
Help Center - Direct links to these articles as well as your own personal tool to hyperlink data you feel is useful
DASHBOARD
Below is your primary starting point for navigation and the main dashboard. On the top you'll see completed CMMC Practices, NIST Controls, and your total point allocation of the methodology system. On the bottom left, you'll see your completion status on the graph bars. On the bottom right, you'll see any open Tasks you have created.
Before you get started, you should determine what your goal is. Even though NIST and CMMC overlap, they do have different requirements. Please refer to the CMMC or NIST specific help guides to see the differences.
Regardless of which you choose, if you plan on using NUDG to handle your users, roles, groups, and inventory, that is where we recommend starting. The reason for this is that you can later map the associated items when creating weaknesses (also known as deficiencies), allowing for a more organized and cross-linked approach. The more information you give, the more thorough your end results will be.
Family Policies
Your family policy (or written Policy) is on the header of each family. These are locked in, and added to reports:
The scope and overview are covered by the identifiers themselves via the subtitle and various information within each identifier. Together, the identifiers satisfy the broad policy statement in different ways.
Identifiers:
Please see the Quadrant section for further information about Identifiers.