CMMC Requirement SI.L3-3.14.6E – Threat-Guided Intrusion Detection: Use threat indicator information and effective mitigations obtained from, at a minimum, open or commercial sources, and any DoD-provided sources, to guide and inform intrusion detection and threat...
CMMC Requirement SI.L3-3.14.3E – Specialized Asset Security: Ensure that specialized assets including IoT, IIoT, OT, GFE, Restricted Information Systems and test equipment are included in the scope of the specified enhanced security requirements or are segregated in...
CMMC Requirement SI.L3-3.14.1E – Integrity Verification: Verify the integrity of security critical and essential software using root of trust mechanisms or cryptographic signatures. Links to Publicly Available Resources – Coming Soon NIST SP 800-147 BIOS...
CMMC Requirement SC.L3-3.13.4E – Isolation: Employ physical isolation techniques or logical isolation techniques or both in organizational systems and system components. Links to Publicly Available Resources – Coming Soon NIST SP 800-160 Vol. 1 Rev. 1...
CMMC Requirement CA.L3-3.12.1E – Penetration Testing: Conduct penetration testing at least annually or when significant security changes are made to the system, leveraging automated scanning tools and ad hoc tests using subject matter experts. Links to Publicly...
CMMC Requirement RA.L3-3.11.7E – Supply Chain Risk Plan: Develop a plan for managing supply chain risks associated with organizational systems and system components; update the plan at least annually, and upon receipt of relevant cyber threat information, or in...