CMMC Requirement SI.L3-3.14.6E – Threat-Guided Intrusion Detection: Use threat indicator information and effective mitigations obtained from, at a minimum, open or commercial sources, and any DoD-provided sources, to guide and inform intrusion detection and threat...
CMMC Requirement SI.L3-3.14.3E – Specialized Asset Security: Ensure that specialized assets including IoT, IIoT, OT, GFE, Restricted Information Systems and test equipment are included in the scope of the specified enhanced security requirements or are segregated in...
CMMC Requirement SI.L3-3.14.1E – Integrity Verification: Verify the integrity of security critical and essential software using root of trust mechanisms or cryptographic signatures. Links to Publicly Available Resources: Built In – 8 Anomaly Detection Algorithms...
CMMC Requirement SC.L3-3.13.4E – Isolation: Employ physical isolation techniques or logical isolation techniques or both in organizational systems and system components. Links to Publicly Available Resources: Center for Internet Security (CIS) Critical Security...
CMMC Requirement CA.L3-3.12.1E – Penetration Testing: Conduct penetration testing at least annually or when significant security changes are made to the system, leveraging automated scanning tools and ad hoc tests using subject matter experts. Links to Publicly...
CMMC Requirement RA.L3-3.11.7E – Supply Chain Risk Plan: Develop a plan for managing supply chain risks associated with organizational systems and system components; update the plan at least annually, and upon receipt of relevant cyber threat information, or in...
CMMC Requirement RA.L3-3.11.6E – Supply Chain Risk Response: Assess, respond to, and monitor supply chain risks associated with organizational systems and system components. Links to Publicly Available Resources: CMMC Level 3 Assessment Guide: This document provides...
CMMC Requirement RA.L3-3.11.5E – Security Solutions Effectiveness: Assess the effectiveness of security solutions at least annually or upon receipt of relevant cyber threat information, or in response to a relevant cyber incident, to address anticipated risk to...
CMMC Requirement RA.L3-3.11.4E – Security Solution Rationale: Document or reference in the system security plan the security solution selected, the rationale for the security solution, and the risk determination. Links to Publicly Available Resources: CMMC Level 3...
CMMC Requirement RA.L3-3.11.3E – Advanced Risk Identification: Employ advanced automation and analytics capabilities in support of analysts to predict and identify risks to organizations, systems, and system components. Links to Publicly Available Resources: CMMC Level...