What are keyloggers and what guidance does the CMMC provide

A keylogger can either be hardware or software. A hardware based keylogger can be implemented via BIOS-level firmware, or alternatively, via a device plugged inline between a keyboard and the computer. They log all keyboard activity to their internal memory. Software-based keyloggers are computer programs designed to work on the target computer's operating system. Software based keyloggers can come in the form of; Hypervisor-based, Kernel-based, API-based, Form grabbing based, Javascript-based, and Memory-injection-based.

Keyloggers first appeared in the 1970’s when the Soviet Union developed and deployed a hardware keylogger targeting typewriters in the US Embassy and Consulate buildings in Moscow.

Software keyloggers first hit the scene in 1983 when an early keylogger was written by Perry Kivolowitz.

Yes, in 2000 the FBI used FlashCrest iSpy, a key logging software to obtain the passphrase of Nicodemo Scarfo, Jr., son of mob boss Nicodemo Scarfo. Also in 2000, the FBI lured two suspected Russian cybercriminals to the US in an elaborate ruse. The FBI captured their usernames and passwords with a keylogger that was covertly installed on a machine that they used to access their computers in Russia. The FBI then used these credentials to hack into the suspects computers in Russia to obtain evidence to prosecute them.

Various CMMC practices if implemented can help your organization avoid the threat of key loggers. Physical access controls can help prevent a malicious person from installing a physical keylogger on your systems. Implementing the principles of least functionality and least privilege can reduce the risk of key logging software being installed on your systems. By installing and properly configuring anti-malware solutions on your systems you can block and detect software keyloggers. By properly configuring your firewall to block unauthorized traffic you can prevent a keylogger from sending any captured keystrokes back to the attacker.