CMMC Practice CM.L2-3.4.6 – Least Functionality: Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. Links to Publicly Available Resources: Canadian Centre for Cyber Security – Guidance...
CMMC Practice CM.L2-3.4.1 – System Baselining: Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. Links to...
CMMC Practice AT.L2-3.2.3 – Insider Threat Awareness: Provide security awareness training on recognizing and reporting potential indicators of insider threat. Links to Publicly Available Resources: Carnegie Mellon University – Effective Insider Threat...
CMMC Practice AT.L2-3.2.2 – Role-Based Training: Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities. Links to Publicly Available Resources: CMMC Level 2 Assessment Guide. This document provides...
CMMC Practice AT.L2-3.2.1 – Role-Based Risk Awareness: Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and...
CMMC Practice AU.L2-3.3.6 – Reduction & Reporting: Provide audit record reduction and report generation to support on-demand analysis and reporting. Links to Publicly Available Resources: CMMC Level 2 Assessment Guide. This document provides assessment...
CMMC Practice AU.L2-3.3.5 – Audit Correlation: Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. Links to Publicly Available Resources: CMMC...
CMMC Practice AU.L2-3.3.9 – Audit Management: Limit management of audit logging functionality to a subset of privileged users. Links to Publicly Available Resources: BrightTALK – Log Management: Achieving Compliance Objectives. This video discusses common...
CMMC Practice AU.L2-3.3.8 – Audit Protection: Protect audit information and audit logging tools from unauthorized access, modification, and deletion. Links to Publicly Available Resources: BrightTALK – Log Management: Achieving Compliance Objectives...
CMMC Practice AU.L2-3.3.4 – Audit Failure Alerting: Alert in the event of an audit logging process failure. Links to Publicly Available Resources: CMMC Level 2 Assessment Guide. This document provides assessment guidance for conducting Cybersecurity Maturity Model...