Unlock the full potential of your projects.
Show full map

CMMC v2.0 - Systems and Information Integrity

Other
Tara Lemieux

Controls mapping and traceability diagram. Created by Tara Lemieux and Michael Redman, Schellman Compliance.

Get Started. It's Free
or sign up with your email address
Similar Mind Maps Mind Map Outline
CMMC v2.0 - Systems and Information Integrity by Mind Map: CMMC v2.0 - Systems and Information Integrity

1. SI.L2-3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.

1.1. "Determine if:

1.1.1. Supports AU.L2-3.3.1, which involves creating and retaining records for monitoring, analysis, and investigations

1.2. (a) the system is monitored to detect attacks and indicators of potential attacks"

1.3. (b) inbound communications traffic is monitored to detect attacks and indicators of potential attacks"

1.4. (c) outbound communications traffic is monitored to detect attacks and indicators of potential attacks"

2. SI.L2-3.14.7 Identify unauthorized use of organizational systems.

2.1. "Determine if:

2.1.1. Relates to: AC.L1-3.1.1, AU.L2-3.3.1, IA.L1-3.5.1, and IA.L1-3.5.2

2.2. (a) authorized use of the system is defined"

2.3. (b) unauthorized use of the system is identified"

3. SI.L1-3.14.1 Identify, report, and correct information and information system flaws in a timely manner.

3.1. "Determine if:

3.2. (a) the time within which to identify system flaws is specified"

3.3. (b) system flaws are identified within the specified time frame"

3.4. (c) the time within which to report system flaws is specified"

3.5. (d) system flaws are reported within the specified time frame"

3.6. (e) the time within which to correct system flaws is specified"

3.7. (f) system flaws are corrected within the specified time frame"

4. SI.L1-3.14.2 Provide protection from malicious code at appropriate locations within organizational information systems.

4.1. "Determine if:

4.2. (a) designated locations for malicious code protection are identified"

4.3. (b) protection from malicious code at designated locations is provided"

5. SI.L2-3.14.3 Monitor system security alerts and advisories and take action in response.

5.1. "Determine if:

5.2. (a) response actions to system security alerts and advisories are identified"

5.3. (b) system security alerts and advisories are monitored"

5.4. (c) actions in response to system security alerts and advisories are taken"

6. SI.L1-3.14.4 Update malicious code protection mechanisms when new releases are available.

6.1. "Determine if:

6.2. (a) malicious code protection mechanisms are updated when new releases are available"

7. SI.L1-3.14.5 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

7.1. "Determine if:

7.2. (a) the frequency for malicious code scans is defined"

7.3. (b) malicious code scans are performed with the defined frequency"

7.4. (c) real-time malicious code scans of files from external sources as files are downloaded, opened, or executed are performed"