CMMC Practice Requirement:

Monitor system security alerts and advisories and take action in response.

CMMC Requirement Explanation:

System security alerts and advisories refer to alerts given by groups such as the US-CERT or a manufacturer generally regarding security vulnerabilities. Subscribing to these alerts allows companies to react quickly to new security vulnerabilities.

Example CMMC Implementation:

Signup for email distributions that provide you with cybersecurity alerts and advisories. By signing up to the US-CERT "Alerts" mailing list you can meet this control. The alerts provide useful information on newly discovered vulnerabilities. If one of the alerts is relevant to your company you need to take action.


- Scenario 1:

You want to receive alerts on the latest system security vulnerabilities. To accomplish this you sign up for the US-CERT's alert emails.

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance