CMMC Practice Requirement:
Detect and report events.
CMMC Requirement Explanation:
In order to respond to incidents you need to detect them. Detection can come in various forms. Users can notify the incident response team of an incident. The incident response team can also receive alerts from your systems.
Example CMMC Implementation:
Configure your systems to create alerts or alarms to notify you of important events that indicate a security incident. An example is receiving an alert from your anti-malware software that a malicious file was detected. Another example is an alert of a device on your network going down. After detecting an event you need to determine if it is a security incident which will allow you to activate your incident response plan. You need to report events and security incidents to the appropriate persons in your company so that they can react to them.
- Scenario 1:
You receive an alert stating that your company's website is down. Upon further investigation you determine that the website is under a denial of service attack. You activate your incident response plan to handle the incident.
Discover Our NIST SP 800-171 Solutions:
For contractors seeking compliance
For IT service providers
Supply Chain Verifier
For contractors seeking to verify partner compliance