Sponsored by Celerium
These online-only courses provide CMMC training to companies looking to comply with CMMC. The courses are created by an experienced team of cybersecurity implementers with years of experience on NIST standards.
Implementing CMMC will be different for every company. And with the U.S. government doubling down on cybersecurity, it's important to get it right. So where is the best place to start?
Our CMMC Insights courses were created to help companies looking to comply with CMMC understand how to implement the practices. Our team has years of experience implementing NIST 800-53.
One-year access to the learning portal is provided, and we will provide updates on changes to CMMC as clarity is provided on items such as reciprocity. Don't wait -- get started on your CMMC assessment preparation now.
DOMAIN: Audit & Accountability
Practice: AU.L2-3.3.9
CAPABILITY: C009 Identify and protect audit information
Limit management of audit logging functionality to a subset of privileged users.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Audit and accountability policy, access control policy and procedures addressing the protection of audit information that is documented and available upon request.
· System generated list of privileged users with access to the management of the audit capability.
· Accounts dedicated to audit functions and evidence of their utilization, to verify that privileged access is not included in an account that is also used for typical system user functionality. Accordingly, individuals with audit management functionality should have both a user account and a separate account for audit management.
Practice: AU.L2-3.3.1
CAPABILITY: C008 Perform Auditing
Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Policy and operational procedures to determine if the organization captures audit records, protects the integrity of the audit collection process, and defines retention requirements for audit records.
· Evidence of the content in audit logs (event types) and audit records.
· Audit collection process to determine that the audit logs are restricted from unauthorized access.
Practice: AU.L2-3.3.2
CAPABILITY: C007 Define audit requirements
Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Policy and procedures related to Audit and Accountability that identify the types of individual information system user actions that can be monitored.
· Evidence the company monitors the actions of individual system users pursuant to the policy above.
· Evidence or system observations that demonstrate an ability to trace unauthorized system user activity.
· Implementation of non-repudiation services such as digital signatures or digital message receipts.
Practice: AU.L2-3.3.3
CAPABILITY: C007 Define audit requirements
Review and update logged events.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Organization-defined event types logged and information system audit records to determine that logged events are reviewed and updated based on the review, which may be necessary to ensure what is logged is sufficient.
· Demonstration of system event logs to identify any log consolidation systems or capabilities that are implemented, and review reports where system logs capture event data based on alerts or suspicious activity.
Practice: AU.L2-3.3.4
CAPABILITY: C007 Define audit requirements
Alert in the event of an audit logging process failure.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Demonstration that alerting for an audit failure works as intended, and whether the company maintains a list of personnel to be notified in the case of an audit processing failure.
· List of personnel that receive audit processing failure notifications, such as system administrators or security personnel, with evidence that personnel on the list are receiving the alerts.
· Information system configuration settings and a demonstration to ensure the system can log audit processing failures and relevant events.
Practice: AU.L2-3.3.5
CAPABILITY: C010 Review and manage audit logs
Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Automated mechanisms that integrate the audit review, analysis, and reporting processes.
· List of employees with audit review, analysis and reporting responsibilities.
· Company procedures that address investigation and response to suspicious activities and information system audit records from across different repositories.
Practice: AU.L2-3.3.6
CAPABILITY: C010 Review and manage audit logs
Provide audit record reduction and report generation to support on-demand analysis and reporting.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Your company's ability to collect audit information and organize such information in summary format.
· Your system's ability to support on-demand analysis and reporting, including evidence of its use in supporting after-the-fact security investigations.
· Your system's audit reduction and report generation capability, including any use of data mining techniques with automated capabilities to identify anomalous behavior in audit records.
Practice: AU.L2-3.3.7
CAPABILITY: C008 Perform Auditing
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Procedures or processes that address maintaining synchronized internal system time clocks that typically are linked to an authoritative time source.
· Supporting documentation that defines identification of and connectivity with the authoritative time source, and the frequency of time synchronization.
This practice supports audit event and audit record time stamps that may be needed for post-investigation or troubleshooting activities.
Practice: AU.L2-3.3.8
CAPABILITY: C009 Identify and protect audit information
Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Audit and accountability policy and procedures to ensure that only authorized personnel have access to audit information, centralized collection systems, and supporting capabilities.
· Organizational procedures addressing the protection of audit information.
Copyright © 2022 Celerium. All Rights Reserved.