IR.4.100 Use knowledge of attacker tactics, techniques, and procedures in incident response planning and execution.

CMMC Practice IR.4.100: Use knowledge of attacker tactics, techniques, and procedures in incident response planning and execution.

CMMC CLARIFICATION (Ref CMMC – Appendix B)

When conducting cyberattacks, attackers (or actors) tend to operate using certain patterns of behavior or exploit capabilities. These patterns and capabilities are known as Tactics, Techniques, and Procedures (TTPs). Knowledge of adversarial TTPs permits an organization to develop the right protective measures and responses to address a potential attack.

An organization can build its knowledge of attacker TTPs by participating in Information Sharing and Analysis Centers (ISACs) for its industry. An ISAC collects cyber threat information relevant to the industry and its members in order to improve the cyber posture of that industry. Based on its lines of business, an organization may consider more than one ISAC.