CMMC Practice IR.2.097: Perform root cause analysis on incidents to determine underlying causes.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Examine the causes of the event or incident and how your organization responded to it. Look at the administrative, technical, and physical control weaknesses. These may have allowed the incident to occur. Use available practices, such as cause-and-effect diagrams, to perform root-cause analysis. This will prevent future similar incidents. After incidents are resolved, conduct reviews and capture lessons learned. Make improvements based on the outcomes of these activities, such as updating plans or controls.