CMMC Requirement RA.L3-3.11.6E – Supply Chain Risk Response: Assess, respond to, and monitor supply chain risks associated with organizational systems and system components. Links to Publicly Available Resources – Coming Soon NIST SP 800-161 Rev 1 Supply Chain...
CMMC Requirement RA.L3-3.11.5E – Security Solutions Effectiveness: Assess the effectiveness of security solutions at least annually or upon receipt of relevant cyber threat information, or in response to a relevant cyber incident, to address anticipated risk to...
CMMC Requirement RA.L3-3.11.4E – Security Solution Rationale: Document or reference in the system security plan the security solution selected, the rationale for the security solution, and the risk determination. Links to Publicly Available Resources – Coming...
CMMC Requirement RA.L3-3.11.3E – Advanced Risk Identification: Employ advanced automation and analytics capabilities in support of analysts to predict and identify risks to organizations, systems, and system components. Links to Publicly Available Resources –...
CMMC Requirement RA.L3-3.11.2E – Threat Hunting: Conduct cyber threat hunting activities on an on-going aperiodic basis or when indications warrant, to search for indicators of compromise in organizational systems and detect, track, and disrupt threats that evade...
CMMC Requirement RA.L3-3.11.1E – Threat-Informed Risk Assessment: Employ threat intelligence, at a minimum from open or commercial sources, and any DoD-provided sources, as part of a risk assessment to guide and inform the development of organizational systems,...
