Cybersecurity Compliance and Risk Assessment. Purpose: Introduces the concept of a common Cybersecurity Compliance and Risk Assessment (CCRA) for the Defense Industrial Base. CCRA Announcement Letter. The CCRA concept allows suppliers to complete ONE assessment which...
Risk Assessment (RA). Level 1: There are currently no requirements in the Risk Assessment domain at Level 1. Level 2: RA.L2-3.11.1 Risk Assessments; RA.L2-3.11.2 Vulnerability Scan; RA.L2-3.11.3 Vulnerability Remediation...
Configuration Management (CM). Level 1: There are currently no requirements in the Configuration Management domain at Level 1. Level 2: CM.L2-3.4.1 System Baselining; CM.L2-3.4.2 Security Configuration...
Audit & Accountability (AU). Level 1: There are currently no requirements in the Audit and Accountability domain at Level 1. Level 2: AU.L2-3.3.1 System Auditing; AU.L2-3.3.2 User Accountability; AU.L2-3.3.3 Event...
System & Information Integrity (SI). Level 1: SI.L1-B.1.XII Flaw Remediation; SI.L1-B.1.XIII Malicious Code Protection; SI.L1-B.1.XIV Update Malicious Code Protection; SI.L1-B.1.XV System & File Scanning...
Access Control (AC). Level 1: AC.L1-B.1.I Authorized Access Control; AC.L1-B.1.II Transaction & Function Control; AC.L1-B.1.III External Connections; AC.L1-B.1.IV Control Public Information. Level 2: AC.L2-3.1.1 Authorized...
Security Assessment (CA). Level 1: There are currently no requirements in the Security Assessment domain at Level 1. Level 2: CA.L2-3.12.1 Security Control Assessment; CA.L2-3.12.2 Plan of Action; CA.L2-3.12.3 Security...
Incident Response (IR). Level 1: There are currently no requirements in the Incident Response domain at Level 1. Level 2: IR.L2-3.6.1 Incident Handling; IR.L2-3.6.2 Incident Reporting; IR.L2-3.6.3 Incident Response Testing...
Awareness and Training (AT). Level 1: There are currently no requirements in the Awareness and Training domain at Level 1. Level 2: AT.L2-3.2.1 Role-Based Risk Awareness; AT.L2-3.2.2 Role-Based Training; AT.L2-3.2.3 Insider...
System & Communication Protection (SC). Level 1: SC.L1-B.1.X Boundary Protection; SC.L1-B.1.XI Public-Access System Separation. Level 2: SC.L2-3.13.1 Boundary Protection; SC.L2-3.13.2 Security Engineering; SC.L2-3.13.3 Role...