CMMC Requirement RA.L3-3.11.2E – Threat Hunting: Conduct cyber threat hunting activities on an on-going aperiodic basis or when indications warrant, to search for indicators of compromise in organizational systems and detect, track, and disrupt threats that evade...
CMMC Requirement RA.L3-3.11.1E – Threat-Informed Risk Assessment: Employ threat intelligence, at a minimum from open or commercial sources, and any DoD-provided sources, as part of a risk assessment to guide and inform the development of organizational systems,...
CMMC Requirement PS.L3-3.9.2E – Adverse Information: Ensure that organizational systems are protected if adverse information develops or is obtained about individuals with access to CUI. Links to Publicly Available Resources Center for Internet Security (CIS) Critical...
CMMC Requirement IR.L3-3.6.2E – Cyber Incident Response Team: Establish and maintain a cyber incident response team that can be deployed by the organization within 24 hours. Links to Publicly Available Resources CMMC Level 3 Assessment Guide This document provides...
CMMC Requirement IR.L3-3.6.1E – Security Operations Center: Establish and maintain a security operations center capability that operates 24/7, with allowance for remote/on-call staff. Links to Publicly Available Resources CMMC Level 3 Assessment Guide This document...
CMMC Requirement IA.L3-3.5.3E – Block Untrusted Assets: Employ automated or manual/procedural mechanisms to prohibit system components from connecting to organizational systems unless the components are known, authenticated, in a properly configured state, or in a...
CMMC Requirement IA.L3-3.5.1E – Bidirectional Authentication: Identify and authenticate systems and system components, where possible, before establishing a network connection using bidirectional authentication that is cryptographically based and replay resistant....
CMMC Requirement CM.L3-3.4.3E – Automated Inventory: Employ automated discovery and management tools to maintain an up-to-date, complete, accurate, and readily available inventory of system components. Links to Publicly Available Resources CloudEagle – What Is...
CMMC Requirement CM.L3-3.4.2E – Automated Detection & Remediation: Employ automated mechanisms to detect misconfigured or unauthorized system components; after detection, remove the components or place the components in a quarantine or remediation network to...
CMMC Requirement CM.L3-3.4.1E – Authoritative Repository: Establish and maintain an authoritative source and repository to provide a trusted source and accountability for approved and implemented system components. Links to Publicly Available Resources CMMC Level 3...
