CMMC Practice Requirement:

Receive and respond to cyber threat intelligence from information sharing forums and sources and communicate to stakeholders.

CMMC Requirement Explanation:

The objective is for your company to remain aware of the latest cyber threats and determine if they apply to your company.

Example CMMC Implementation:

Sign up for the US-CERT alerts. This will provide you with "cyber threat intelligence" by informing you of vulnerabilities and security threats. If the vulnerabilities and threats apply to your company, you can take action to protect yourself. Communicate these vulnerabilities and threats to relevant persons in your company.

Scenario(s):

- Scenario 1:

You signed up for the US-CERT mailing list, which provides you with alerts on the latest threats and vulnerabilities. In one of the emails, you receive an alert on a critical vulnerability impacting Windows 10 systems. The alert also provides guidance on how to patch the vulnerability. You provide this information to your IT team so that they can act on it and patch your Windows 10 systems.
 
