CMMC 2.0 Insights
Level 2
Select Domain for Level 2
Domain Name
Access Control (AC)
Audit & Accountability (AU)
Awareness & Training (AT)
Configuration Management (CM)
Identification & Authentication (IA)
Incident Response (IR)
Maintenance (MA)
Media Protection (MP)
Personnel Security (PS)
Physical Protection (PE)
Risk Assessment (RA)
Security Assessment (CA)
Systems & Communications Protection (SC)
System & Information Integrity (SI)
| DOMAIN: System and Information Integrity |
|
Practice:SI.L1-3.14.1
|
CAPABILITY: C040 Identify and manage information flaws
|
|
Identify, report, and correct information and information system flaws in a timely manner. |
|
Threat Actors:
A wildly successful attack vector used by threat actors is the exploitation of unpatched system vulnerabilities. Failing to remain current on various software/system patches can greatly increase your attack surface and result in compromise.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following· Policy or procedures that address flaw remediation,
· Security-relevant software updates (patches, service pack updates, hot fixes, or signature updates) in response to reported system flaws or vulnerabilities,
Click here to see details
|
Practice:SI.L1-3.14.2
|
CAPABILITY: C041 Identify malicious content
|
|
Provide protection from malicious code at appropriate locations within organizational information systems. |
|
Threat Actors:
There are several methods in which threat actors can deliver malicious code to your system:
i) Email/phishing
ii) Malicious websites
iii) Portable storage devices such as thumb drives, etc
iv) Off the shelf commercial software packages
Assessment NOTES: A CMMC assessor may want to review, observe, or test the followingAn inventory of malicious code protections provided to systems at designated locations.
Click here to see details
Copyright © 2022 Celerium. All Rights Reserved.