CMMC Requirement RA.L3-3.11.6E – Supply Chain Risk Response: Assess, respond to, and monitor supply chain risks associated with organizational systems and system components. Links to Publicly Available Resources CMMC Level 3 Assessment Guide This document provides...
CMMC Requirement RA.L3-3.11.5E – Security Solutions Effectiveness: Assess the effectiveness of security solutions at least annually or upon receipt of relevant cyber threat information, or in response to a relevant cyber incident, to address anticipated risk to...
CMMC Requirement RA.L3-3.11.4E – Security Solution Rationale: Document or reference in the system security plan the security solution selected, the rationale for the security solution, and the risk determination. Links to Publicly Available Resources CMMC Level 3...
CMMC Requirement RA.L3-3.11.3E – Advanced Risk Identification: Employ advanced automation and analytics capabilities in support of analysts to predict and identify risks to organizations, systems, and system components. Links to Publicly Available Resources CMMC Level...
CMMC Requirement RA.L3-3.11.2E – Threat Hunting: Conduct cyber threat hunting activities on an on-going aperiodic basis or when indications warrant, to search for indicators of compromise in organizational systems and detect, track, and disrupt threats that evade...
CMMC Requirement RA.L3-3.11.1E – Threat-Informed Risk Assessment: Employ threat intelligence, at a minimum from open or commercial sources, and any DoD-provided sources, as part of a risk assessment to guide and inform the development of organizational systems,...
