Posts

SA.3.169 Community-based Threat Sharing (CMMC Level 3)

/
Receive and respond to cyber threat intelligence from information sharing forums and sources and communicate to stakeholders.

IR.2.092 Incident Preparation (CMMC Level 2)

/
Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.

SI.1.210 System Integrity/Patching (CMMC Level 1)

/
Identify, report, and correct information and information system flaws in a timely manner.

CA.2.158 Ongoing Security Assessment (CMMC Level 2)

/
Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.

AC.1.004 Publicly Posted Information (CMMC Level 1)

/
Control information posted or processed on publicly accessible information systems.

MP.1.118 Media Destruction – Sanitation (CMMC Level 1)

/
Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.

AC.1.003 External/Remote Connections (CMMC Level 1)

/
Verify and control/limit connections to and use of external information systems.

AC.1.002 User Access Restrictions (CMMC Level 1)

/
Limit information system access to the types of transactions and functions that authorized users are permitted to execute.

AC.1.001 Basic Security Requirements (CMMC Level 1)

/
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).

CMMC Level 3 Control – Email Sandboxing (SI.3.220)

/
An overview for this control states an organization should utilize sandboxing to detect or block potentially malicious email.  The action can prevent malicious files from entering the network and should be document in the Configuration Management Policy.