IR.L2-3.6.2 Incident Reporting

CMMC Practice IR.L2-3.6.2 – Incident Reporting: Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization. Links to Publicly Available Resources Carnegie Mellon University – Incident...

IR.L2-3.6.1 Incident Handling

CMMC Practice IR.L2-3.6.1 – Incident Handling: Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. Links to Publicly Available...

IA.L2-3.5.6 Identifier Handling

CMMC Practice IA.L2-3.5.6 – Identifier Handling: Disable identifiers after a defined period of inactivity. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for conducting Cybersecurity Maturity Model...

IA.L2-3.5.5 Identifier Reuse

CMMC Practice IA.L2-3.5.5 – Identifier Reuse: Prevent the reuse of identifiers for a defined period. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for conducting Cybersecurity Maturity Model...

IA.L2-3.5.4 Replay-Resistant Authentication

CMMC Practice IA.L2-3.5.4 – Replay-Resistant Authentication: Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document...

IA.L2-3.5.3 Multifactor Authentication

CMMC Practice IA.L2-3.5.3 – Multifactor Authentication: Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts. Links to Publicly Available Resources BrightTALK – Risks Posed By...

IA.L2-3.5.11 Obscure Feedback

CMMC Practice IA.L2-3.5.11 – Obscure Feedback: Obscure feedback of authentication information. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for conducting Cybersecurity Maturity Model...

IA.L2-3.5.10 Cryptographically-Protected Passwords

CMMC Practice IA.L2-3.5.10 – Cryptographically-Protected Passwords: Store and transmit only cryptographically-protected passwords. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for conducting...

IA.L2-3.5.9 Temporary Passwords

CMMC Practice IA.L2-3.5.9 – Temporary Passwords: Allow temporary password use for system logons with an immediate change to a permanent password. Links to Publicly Available Resources CIRT.net – Default Password Database Consolidation of default passwords for...

IA.L2-3.5.8 Password Reuse

CMMC Practice IA.L2-3.5.8 – Password Reuse: Prohibit password reuse for a specified number of generations. Links to Publicly Available Resources CIRT.net – Default Password Database Consolidation of default passwords for commercial software and hardware...