CMMC Practice Requirement:

Employ a security assessment of enterprise software that has been developed internally, for internal use, and that has been organizationally defined as an area of risk.

CMMC Requirement Explanation:

If your company has developed any software internally and uses it internally, that software needs to undergo a security assessment. The assessment can be completed by your employees or by a third party.

Example CMMC Implementation:

If your company has developed any software internally and uses it internally, that software needs to undergo a security assessment. The assessment can be completed by your employees or by a third party.

Scenario(s):

- Scenario 1:

Your company has several developers. One of your developers built a piece of software for the accounting department to help automate some of their tasks. Because the software is internally developed and used internally, it must undergo a security assessment. You task one of your developers with using the OWASP Code Review Guide to assess the internally developed software.
 
