Cybersecurity Compliance and Risk Assessment
Purpose: Introduces the concept of a common Cybersecurity Compliance and Risk Assessment (CCRA) for the Defense Industrial Base
CCRA Announcement Letter
The CCRA concept allows suppliers to complete ONE assessment which...
The intent of the Defense Industrial Base (DIB) Sector Coordinating Council (SCC) Supply Chain Cyber training is to build awareness for DIB suppliers of the Cybersecurity Maturity Model Certification (CMMC) requirements and their obligation to meet FAR 52.204-21,...
CMMC Specific Practices
The majority of the practices (110 of 171) originate from the safeguarding requirements and security requirements specified in FAR Clause 52.204-21 and DFARS Clause 252.204-7012, respectively. Level 1 is equivalent to all of the safeguarding...
Risk Assessment (RA)
RM.2.141 Periodically assess the risk to organizational operations (including mission, functions,
RM.2.142 Scan for vulnerabilities in organizational systems and applications...
Configuration Management (CM)
CM.2.061 Establish and maintain baseline configurations and inventories of organizational systems
CM.2.062 Employ the principle of least functionality by configuring...
Audit & Accountability (AU)
AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users
AU.2.042 Create and retain system audit logs and records to the...