CMMC Practice Requirement:

Develop and implement responses to declared incidents according to predefined procedures.

CMMC Requirement Explanation:

By documenting incident responses for common incidents can quickly respond to incidents as they occur.

Example CMMC Implementation:

Document procedures for responding to common security incidents. Common security incidents include phishing attacks, malware infections, and policy violations by employees. Responses to incidents generally include actions to contain damage, communicating the incident to users, deploying additional security controls and communicating with key stakeholders.


- Scenario 1:

A user has reported receiving a phishing email containing a malicious file. You use your documented procedures to respond to this common security incident. Your procedures include black listing the domain of the malicious email and sending an email to your employees warning them of the attack.

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance