CMMC Practice Requirement:

Perform root cause analysis on incidents to determine underlying causes.

CMMC Requirement Explanation:

Incidents offer valuable learning opportunities for improving your security posture. Most security incidents could have been prevented, so you need to identify the security gaps that allowed each incident to occur and close them.

Example CMMC Implementation:

After an incident is contained, review it to identify how it happened and what can be done to prevent it from occurring again. Ask not only what happened but why each control that should have stopped it failed. This process should be documented and conducted by your incident response team with input from the relevant stakeholders.


- Scenario 1:

A user received a phishing email, clicked on the malicious link, and entered their username and password for their account on the attacker's page. As a result the attacker took control of the account. Fortunately your incident response team was able to regain control of the account.

- Scenario 2:

Your incident response team conducted a root cause analysis and determined the underlying cause of the incident to be a lack of user security awareness training. To prevent recurrence, you decide to send security awareness emails to employees weekly and to conduct simulated phishing campaigns to prepare your users for similar attacks.

