Level 5 CMMC - CMMC Practices


Reference: CMMC 1.02

Family: SA

Level Introduced: 3

Receive and respond to cyber threat intelligence from information sharing forums and sources and communicate to stakeholders.

CMMC Clarification:
To enhance situational awareness activities within the organization, leverage external sources for cybersecurity threat information. Establish a relationship with external organizations, or periodically survey relevant sources, to ensure you are receiving up-to- date threat intelligence information pertinent to your organization. Examples of sources include: US-CERT, various critical infrastructure sector ISACs, ICS-CERT, industry associations, vendors, and federal briefings.

Threat information is reviewed and, if applicable to your organization, communicated to the appropriate stakeholders for action.

You are in charge of IT operations for your company. Part of your role is to ensure you are aware of up-to-date cyber threat intelligence information so you can properly perform risk assessments and vulnerability analyses. To do this, you join a defense sector ISAC, and sign- up for alerts from US-CERT. You use information you receive from these external entities to update your threat profiles, vulnerability scans, and risk assessments. Also, you use these sources to gather best practices for informing your employees of potential threats and disseminate the information throughout your organization to the appropriate stakeholders.

Establish relationships with external organizations to gather cyber threat intelligence information. Cyber threat information from external sources should inform situational awareness activities within the organization. Relevant external threat information is communicated to stakeholders within the organization for appropriate action if needed.

Source: CMMC v1.02



The organization implements a threat awareness program that includes a cross-organization information-sharing capability.

Supplemental Guidance:
Because of the constantly changing and increasing sophistication of adversaries, especially the advanced persistent threat (APT), it is becoming more likely that adversaries may successfully breach or compromise organizational information systems. One of the best techniques to address this concern is for organizations to share threat information. This can include, for example, sharing threat events (i.e., tactics, techniques, and procedures) that organizations have experienced, mitigations that organizations have found are effective against certain types of threats, threat intelligence (i.e., indications and warnings about threats that are likely to occur). Threat information sharing may be bilateral (e.g., government-commercial cooperatives, government-government cooperatives), or multilateral (e.g., organizations taking part in threat-sharing consortia). Threat information may be highly sensitive requiring special agreements and protection, or less sensitive and freely shared. Related controls: PM-12, PM-16.

Source: NIST Special Publication 800-53 Rev. 4

Source: CMMC v1.02