Sponsored by Celerium
These online-only courses provide CMMC training to companies looking to comply with CMMC. The courses are created by an experienced team of cybersecurity implementers with years of experience on NIST standards.
Implementing CMMC will be different for every company. And with the U.S. government doubling down on cybersecurity, it's important to get it right. So where is the best place to start?
Our CMMC Insights courses were created to help companies looking to comply with CMMC understand how to implement the practices. Our team has years of experience implementing NIST 800-53.
One-year access to the learning portal is provided, and we will provide updates on changes to CMMC as clarity is provided on items such as reciprocity. Don't wait -- get started on your CMMC assessment preparation now.
DOMAIN: System & Information Integrity
Practice: SI.L1-3.14.1
CAPABILITY: C040 Identify and manage information flaws
Identify, report, and correct information and information system flaws in a timely manner.
Threat Actors:
A wildly successful attack vector used by threat actors is the exploitation of unpatched system vulnerabilities. Failing to remain current on various software/system patches can greatly increase your attack surface and result in compromise.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following:
· Policy or procedures that address flaw remediation,
· Security-relevant software updates (patches, service pack updates, hot fixes, or signature updates) in response to reported system flaws or vulnerabilities,
Practice: SI.L1-3.14.2
CAPABILITY: C041 Identify malicious content
Provide protection from malicious code at appropriate locations within organizational information systems.
Threat Actors:
There are several methods by which threat actors can deliver malicious code to your system:
i) Email/phishing
ii) Malicious websites
iii) Portable storage devices such as thumb drives, etc.
iv) Off-the-shelf commercial software packages
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following:
An inventory of malicious code protections provided to systems at designated locations.
Practice: SI.L1-3.14.4
CAPABILITY: C041 Identify malicious content
Update malicious code protection mechanisms when new releases are available.
Threat Actors:
i) May assume you are not currently updating your protection mechanisms (anti-virus signatures, reputation mechanisms)
ii) May assume you and vendors do not rapidly update protections and may exploit this window via “zero-day” attacks
iii) May use malware to insert logic bombs, back doors, etc.
iv) May assume you may not be sufficiently protecting your organization from custom software vulnerabilities (secure coding, config management, good procurement processes, monitoring scope of software functions)
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following:
Malicious code protections are updated when new releases are available and also updated based on your organizational configuration management process.
Practice: SI.L1-3.14.5
CAPABILITY: C041 Identify malicious content
Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.
Threat Actors:
i) Will try to insert malicious code via external measures (email, SMS, etc.)
ii) May assume that your protection mechanisms will fail to detect malicious content
iii) May also assume that your company does not scan existing systems or existing data/files
iv) Will use advanced techniques such as steganography, which is the practice of concealing a file, message, image, or video within another file, message, image, or video.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following:
Files from an external source are scanned when downloaded, opened, or executed. (This would include files downloaded from websites, email attachments, embedded links, or from other interfaces with external systems.)
Practice: SI.L2-3.14.3
CAPABILITY: C040 Identify and manage information flaws
Monitor system security alerts and advisories and take action in response.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following:
· Procedures to identify how the organization receives security alerts, advisories, and directives from external organizations and how internal alerts of a similar nature are generated and effectively communicated.
· Procedures and processes to ensure an appropriate action is taken in response to the alerts and advisories with relevant external entities, such as supply chain partners.
Practice: SI.L2-3.14.6
CAPABILITY: C042 Perform network and system monitoring
Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Threat Actors:
i) May take advantage of a poor network monitoring capability and use intrusion techniques to gain persistent access to your network
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following:
· Procedures that address system monitoring tools and methods used to detect potential threats for all inbound and outbound communications, as well as unauthorized local, network, or remote connectivity.
· Supporting documentation that identifies network monitoring tools, security detection and monitoring systems, roles and responsibilities of individuals that monitor and respond to potential threats, or any third-party services supporting this practice.
· Whether emails are scanned for malicious code, links, or attachments.
Practice: SI.L2-3.14.7
CAPABILITY: C042 Perform network and system monitoring
Identify unauthorized use of organizational systems.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following:
· Procedures that address system monitoring tools and methods used to determine if authorized and unauthorized use of the system is defined.
· Process on how the organization monitors the system for misuse.
· Process on how unauthorized use will be detected (such as log monitoring).
Various data protection and data loss prevention (DLP) tools may also be used in support of this practice.
Copyright © 2022 Celerium. All Rights Reserved.