Cybersecurity Compliance and Risk Assessment Purpose: Introduces the concept of a common Cybersecurity Compliance and Risk Assessment (CCRA) for the Defense Industrial Base CCRA Announcement Letter The CCRA concept allows suppliers to complete ONE assessment which...
The intent of the Defense Industrial Base (DIB) Sector Coordinating Council (SCC) Supply Chain Cyber training is to build awareness for DIB suppliers of the Cybersecurity Maturity Model Certification (CMMC) requirements and their obligation to meet FAR 52.204-21,...
This section covers protections from attacks against the primary attack vector for malicious users, email. Implementation Assessment ATP – Safe Attachments, Safe Links, and Anti-Phishing Policies or “All the policies you can shake a stick at” This blog...
This section covers web browser protections from attacks by malicious actors. Implementation Assessment Avast – What is a Proxy Server? This knowledge base article from Avast describes proxy servers. Cybersecurity & Infrastructure Security Agency...
CMMC Specific Practices The majority of the practices (110 of 171) originate from the safeguarding requirements and security requirements specified in FAR Clause 52.204-21 and DFARS Clause 252.204-7012, respectively. Level 1 is equivalent to all of the safeguarding...
Risk Assessment (RA) RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, RM.2.142 Scan for vulnerabilities in organizational systems and applications...
Configuration Management (CM) CM.2.061 Establish and maintain baseline configurations and inventories of organizational systems CM.2.062 Employ the principle of least functionality by configuring...
Audit & Accountability (AU) AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users AU.2.042 Create and retain system audit logs and records to the...
System & Information Integrity (SI) SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. SI.1.211 Provide protection from malicious code at...
Access Control (AC) AC.L1-3.1.1 Authorized Access Control; AC.L1-3.1.2 Transaction & Function Control; AC.L2-3.1.3 Control CUI Flow; AC.L2-3.1.4 Separation of Duties; AC.L2-3.1.5 Least...