User contributions for David

28 March 2025

• 03:5403:54, 28 March 2025 diff hist +115 Evidence Collection Approach →AC.L2-3.1.1 – Authorized Access Control [CUI Data]
• 03:1703:17, 28 March 2025 diff hist +162 Level 3 Assessment Guide →Appendix A – Acronyms and Abbreviations
• 03:0703:07, 28 March 2025 diff hist +7,377 N Practice SI.L3-3.14.6e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == SI.L3-3.14.6E – THREAT-GUIDED INTRUSION DETECTION == === SECURITY REQUIREMENT === Use threat indicator information and effective mitigations obtained from, <u>..." current
• 03:0703:07, 28 March 2025 diff hist +7,562 N Practice SI.L3-3.14.3e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == SI.L3-3.14.3E – SPECIALIZED ASSET SECURITY === === SECURITY REQUIREMENT === Ensure that <u>specialized assets including IoT, IIoT, OT, GFE, Restricted Informat..." current
• 03:0603:06, 28 March 2025 diff hist +8,191 N Practice SI.L3-3.14.1e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == SI.L3-3.14.1E – INTEGRITY VERIFICATION === === SECURITY REQUIREMENT === Verify the integrity of <u>security critical and essential software</u> using root of t..." current
• 03:0603:06, 28 March 2025 diff hist +1,849 Level 3 Assessment Guide →System and Information Integrity (SI)
• 02:4802:48, 28 March 2025 diff hist +8,251 N Practice SC.L3-3.13.4e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == SC.L3-3.13.4E – ISOLATION == === SECURITY REQUIREMENT === Employ <u>physical isolation techniques or logical isolation techniques or both</u> in organizational..." current
• 02:4402:44, 28 March 2025 diff hist +539 Level 3 Assessment Guide →SC.L3-3.13.4e – isolation
• 02:4002:40, 28 March 2025 diff hist +29 Practice CA.L3-3.12.1e Details No edit summary current
• 02:3902:39, 28 March 2025 diff hist +6,270 N Practice CA.L3-3.12.1e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == CA.L3-3.12.1E – PENETRATION TESTING === Conduct penetration testing <u>at least annually or when significant security changes are made to the system</u>, lever..."
• 02:3502:35, 28 March 2025 diff hist +534 Level 3 Assessment Guide →CA.L3-3.12.1e – Penetration Testing
• 02:3202:32, 28 March 2025 diff hist +5,246 N Practice RA.L3-3.11.7e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == RA.L3-3.11.7E – SUPPLY CHAIN RISK PLAN == === SECURITY REQUIREMENT === Develop a plan for managing supply chain risks associated with organizational systems an..." current
• 02:3002:30, 28 March 2025 diff hist +4,678 N Practice RA.L3-3.11.6e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == RA.L3-3.11.6E – SUPPLY CHAIN RISK RESPONSE == === SECURITY REQUIREMENT === Assess, respond to, and monitor supply chain risks associated with organizational sy..." current
• 02:2702:27, 28 March 2025 diff hist +5,726 N Practice RA.L3-3.11.5e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == RA.L3-3.11.5E – SECURITY SOLUTION EFFECTIVENESS == === SECURITY REQUIREMENT === Assess the effectiveness of security solutions <u>at least annually or upon rec..." current
• 02:2302:23, 28 March 2025 diff hist +6,532 N Practice RA.L3-3.11.4e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == RA.L3-3.11.4E – SECURITY SOLUTION RATIONALE === === SECURITY REQUIREMENT === Document or reference in the system security plan the security solution selected,..." current
• 02:1702:17, 28 March 2025 diff hist +7,934 N Practice RA.L3-3.11.3e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == RA.L3-3.11.3E – ADVANCED RISK IDENTIFICATION == === SECURITY REQUIREMENT === Employ advanced automation and analytics capabilities in support of analysts to pr..." current
• 02:1602:16, 28 March 2025 diff hist +8,773 N Practice RA.L3-3.11.2e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == RA.L3-3.11.2E – THREAT HUNTING == === SECURITY REQUIREMENT === Conduct cyber threat hunting activities <u>on an on-going aperiodic basis or when indications wa..." current
• 01:4901:49, 28 March 2025 diff hist +7,337 N Practice RA.L3-3.11.1e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == RA.L3-3.11.1E – THREAT-INFORMED RISK ASSESSMENT == === SECURITY REQUIREMENT === Employ <u>threat intelligence, at a minimum from open or commercial sources, an..." current
• 01:4501:45, 28 March 2025 diff hist +14 Level 3 Assessment Guide →RA.L3-3.11.7e – Supply Chain Risk Plan
• 01:4301:43, 28 March 2025 diff hist +15 Level 3 Assessment Guide →RA.L3-3.11.5e – Security Solution Effectiveness
• 01:4201:42, 28 March 2025 diff hist +5,483 Level 3 Assessment Guide →Risk Assessment (RA)

27 March 2025

• 16:2316:23, 27 March 2025 diff hist +45,044 Evidence Collection Approach No edit summary
• 03:4703:47, 27 March 2025 diff hist +81 N Commonly Accepted and Practiced CMMC Operation Matrix Created page with "== Commonly Accepted and Practiced CMMC Operating Model == Under Construction!!!"
• 03:4603:46, 27 March 2025 diff hist +2 MediaWiki:Sidebar No edit summary
• 03:4503:45, 27 March 2025 diff hist +44 MediaWiki:Sidebar No edit summary
• 03:4003:40, 27 March 2025 diff hist +72 MediaWiki:Sidebar No edit summary
• 03:3503:35, 27 March 2025 diff hist −1 Evidence Collection Approach →Evidence Collection Approach for CMMC Practices Levels 1 and 2
• 01:5201:52, 27 March 2025 diff hist +61,461 N Evidence Collection Approach Created page with "For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == Evidence Collection Approach for CMMC Practices Levels 1 and 2 == The following table contains the DIBCAC Evidence collection approach for the CMMC Lvels 1 and 2 practices and their Assessment Objectives. The following tables provide a general approach between Assessment Objectives (AOs) and Assessment Methods that may be used. These are not to be construe..."
• 01:4001:40, 27 March 2025 diff hist −84,665 Level 3 Assessment Guide No edit summary
• 01:2801:28, 27 March 2025 diff hist +4,554 N Practice PS.L3-3.9.2e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == PS.L3-3.9.2E – ADVERSE INFORMATION == === SECURITY REQUIREMENT === Ensure that organizational systems are protected if adverse information develops or is obtai..." current
• 01:2801:28, 27 March 2025 diff hist +5,875 N Practice IR.L3-3.6.2e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == IR.L3-3.6.2E – CYBER INCIDENT RESPONSE TEAM == === SECURITY REQUIREMENT === Establish and maintain a cyber incident response team that can be deployed by the o..." current
• 01:2801:28, 27 March 2025 diff hist +5,817 N Practice IR.L3-3.6.1e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == IR.L3-3.6.1E – SECURITY OPERATIONS CENTER == === SECURITY REQUIREMENT === Establish and maintain a security operations center capability that operates <u>24/7,..." current
• 01:2701:27, 27 March 2025 diff hist +7,786 N Practice IA.L3-3.5.3e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == IA.L3-3.5.3E – BLOCK UNTRUSTED ASSETS == === SECURITY REQUIREMENT === Employ automated or manual/procedural mechanisms to prohibit system components from conne..." current
• 01:2701:27, 27 March 2025 diff hist +7,998 N Practice IA.L3-3.5.1e Details Created page with "'''Source of Reference: The official [https://dodcio.defense.gov/cmmc/Resources-Documentation/ CMMC Level 3 Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. == IA.L3-3.5.1E – BIDIRECTIONAL AUTHENTICATION == === SECURITY REQUIREMENT === Identify and authenticate <u>systems and system components, where possible</u>, bef..." current

26 March 2025

• 03:3903:39, 26 March 2025 diff hist −2,401 Level 3 Assessment Guide No edit summary
• 03:3603:36, 26 March 2025 diff hist +507 Level 3 Assessment Guide →Personnel Security (PS)
• 03:3503:35, 26 March 2025 diff hist +727 Level 3 Assessment Guide →Incident Response (IR)
• 03:3403:34, 26 March 2025 diff hist +1 Level 3 Assessment Guide →Identification and Authentication (IA)
• 03:2603:26, 26 March 2025 diff hist +1,429 Level 3 Assessment Guide →Identification and Authentication (IA)

25 March 2025

• 03:5103:51, 25 March 2025 diff hist +117 Model Overview →System and Information Integrity (SI)
• 03:5003:50, 25 March 2025 diff hist +39 Model Overview →System and Communications Protection (SC)
• 03:5003:50, 25 March 2025 diff hist +39 Model Overview →Security Assessment (CA)
• 03:4903:49, 25 March 2025 diff hist +273 Model Overview →Risk Assessment (RA)
• 03:4703:47, 25 March 2025 diff hist +76 Model Overview →Incident Response (IR)
• 03:4003:40, 25 March 2025 diff hist +38 Model Overview →Personnel Security (PS)
• 03:4003:40, 25 March 2025 diff hist +76 Model Overview →Identification & Authentication (IA)
• 03:3903:39, 25 March 2025 diff hist +114 Model Overview →Configuration Management (CM)
• 03:3803:38, 25 March 2025 diff hist +76 Model Overview →Awareness & Training (AT)
• 03:3603:36, 25 March 2025 diff hist +223 Model Overview →Personnel Security (PS)
• 03:3603:36, 25 March 2025 diff hist +476 Model Overview →Incident Response (IR)