CMMC Requirement SI.L3-3.14.6E – Threat-Guided Intrusion Detection: Use threat indicator information and effective mitigations obtained from, at a minimum, open or commercial sources, and any DoD-provided sources, to guide and inform intrusion detection and threat...
CMMC Requirement SI.L3-3.14.3E – Specialized Asset Security: Ensure that specialized assets including IoT, IIoT, OT, GFE, Restricted Information Systems and test equipment are included in the scope of the specified enhanced security requirements or are segregated in...
CMMC Requirement SI.L3-3.14.1E – Integrity Verification: Verify the integrity of security critical and essential software using root of trust mechanisms or cryptographic signatures. Links to Publicly Available Resources – Coming Soon NIST SP 800-147 BIOS...
CMMC Requirement SC.L3-3.13.4E – Isolation: Employ physical isolation techniques or logical isolation techniques or both in organizational systems and system components. Links to Publicly Available Resources – Coming Soon NIST SP 800-160 Vol. 1 Rev. 1...
CMMC Requirement CA.L3-3.12.1E – Penetration Testing: Conduct penetration testing at least annually or when significant security changes are made to the system, leveraging automated scanning tools and ad hoc tests using subject matter experts. Links to Publicly...
CMMC Requirement RA.L3-3.11.7E – Supply Chain Risk Plan: Develop a plan for managing supply chain risks associated with organizational systems and system components; update the plan at least annually, and upon receipt of relevant cyber threat information, or in...
CMMC Requirement RA.L3-3.11.6E – Supply Chain Risk Response: Assess, respond to, and monitor supply chain risks associated with organizational systems and system components. Links to Publicly Available Resources – Coming Soon NIST SP 800-161 Rev 1 Supply Chain...
CMMC Requirement RA.L3-3.11.5E – Security Solutions Effectiveness: Assess the effectiveness of security solutions at least annually or upon receipt of relevant cyber threat information, or in response to a relevant cyber incident, to address anticipated risk to...
CMMC Requirement RA.L3-3.11.4E – Security Solution Rationale: Document or reference in the system security plan the security solution selected, the rationale for the security solution, and the risk determination. Links to Publicly Available Resources – Coming...
CMMC Requirement RA.L3-3.11.3E – Advanced Risk Identification: Employ advanced automation and analytics capabilities in support of analysts to predict and identify risks to organizations, systems, and system components. Links to Publicly Available Resources –...