• Requirement

    Monitor system security alerts and advisories and take action in response.

  • Discussion

    There are many publicly available sources of system security alerts and advisories. For example, the Department of Homeland Securityā€™s Cybersecurity and Infrastructure Security Agency (CISA) generates security alerts and advisories to maintain situational awareness across the federal government and in nonfederal organizations. Software vendors, subscription services, and industry information sharing and analysis centers (ISACs) may also provide security alerts and advisories. Examples of response actions include notifying relevant external organizations, for example, external mission/business partners, supply chain partners, external service providers, and peer or supporting organizations. [SP 800-161] provides guidance on supply chain risk management.

More Info

  • Family

    System and Information Integrity
  • DoD Scoring Methodology Points

  • Related CMMC ID

  • Related NIST 800-53 ID

  • Reference Documents

    • N/A

NIST 800-171A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!