CMMC Practice RM.4.150

Employ threat intelligence to inform the development of the system and security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities.

Source

CMMC Version 1.02, pg. 213

Bold Coast Security Guidance

For Level 4 compliance, the organization must have a measurable management plan for threat intelligence. That plan must apply threat intelligence in a process-driven and methodical way to increase its information security maturity. This includes the hardening of computer operating systems and software, and the integration of new security tools, especially those that favor behavior-based analysis over signature-based analysis.

Discussion From Source

DRAFT NIST SP 800-171B

The constantly changing and increased sophistication of adversaries, especially the advanced persistent threat (APT), makes it more likely that adversaries can successfully compromise or breach organizational systems. Accordingly, threat intelligence can be integrated into and inform each step of the risk management process throughout the system development life cycle. This includes defining system security requirements, developing system and security architectures, selecting security solutions, monitoring (including threat hunting) and remediation efforts.

Support References:

  • NIST SP 800-30 provides guidance on risk assessments.
  • NIST SP 800-39 provides guidance on the risk management process.
  • NIST SP 800-160-1 provides guidance on security architectures and systems security engineering.
  • NIST SP 800-150 provides guidance on cyber threat information sharing.

References

  • Draft NIST SP 800-171B 3.11.1e
  • NIST SP 800-30 provides guidance on risk assessments.
  • NIST SP 800-39 provides guidance on the risk management process.
  • NIST SP 800-160-1 provides guidance on security architectures and systems security engineering.
  • NIST SP 800-150 provides guidance on cyber threat information sharing.
  • NIST CSF v1.1 ID.RA-2, ID.RA-3