CMMC Requirement CM.L2-3.4.1 – System Baselining: Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. Links...
CMMC Requirement AT.L2-3.2.3 – Insider Threat Awareness: Provide security awareness training on recognizing and reporting potential indicators of insider threat. Links to Publicly Available Resources Carnegie Mellon University – Effective Insider Threat...
CMMC Requirement AT.L2-3.2.2 – Role-Based Training: Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides...
CMMC Requirement AT.L2-3.2.1 – Role-Based Risk Awareness: Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and...
CMMC Requirement AU.L2-3.3.6 – Reduction & Reporting: Provide audit record reduction and report generation to support on-demand analysis and reporting. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment...
CMMC Requirement AU.L2-3.3.5 – Audit Correlation: Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. Links to Publicly Available Resources...
