IR.2.093 Detect and report events.

CMMC Practice IR.2.093: Detect and report events.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Detect events on your network. An event is any observable occurrence on the network. You can detect events several ways, including through:

  • observations of breakdowns in processes or loss in productivity;
  • observations such as alarms and alerts, notification from other organizations; and
  • the results of audits or assessments.

After you detect an event, determine if it will affect organizational assets and/or has the potential to disrupt operations. This may require the start of the incident process.