CMMC Practice SA.3.169: Receive and respond to cyber threat intelligence from information sharing forums and sources and communicate to stakeholders.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
To enhance situational awareness activities within the organization, leverage external sources for cybersecurity threat information. Establish a relationship with external organizations, or periodically survey relevant sources, to ensure you are receiving up-to-date threat intelligence information pertinent to your organization. Examples of sources include: US-CERT, various critical infrastructure sector ISACs, ICS-CERT, industry associations, vendors, and federal briefings.
Threat information is reviewed and, if applicable to your organization, communicated to the appropriate stakeholders for action.