CMMC Practice SA.4.173

Design network and system security capabilities to leverage, integrate, and share indicators of compromise.


CMMC Version 1.02, pg. 243

Bold Coast Security Guidance

For Level 4 compliance, an organization must have a very mature Threat Intelligence program with some automated components. Though there are some "off the shelf" systems that can deploy threat intelligence related to Indicators of Compromise, it's more likely solutions will be scripted or manually performed. Practice, policy, plan and practice measurement are all required to achieve Level 4 compliance.

Discussion From Source

CMMC

Sharing IoCs (Indicators of Compromise) to systems across an enterprise strengthens an organization’s ability to thwart adversaries. Designing an organization’s security architecture to integrate and share IoCs rapidly increases the likelihood of stopping an attack that is happening at machine speed. Machine speed attacks are attacks that are happening in real-time and use automation to increase the speed at which the attack spreads and performs actions. Effective sharing requires that intelligence services as well as internal resources process IoC information and provide it to the necessary systems in order to act on the information quickly.
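
As an added illustration of the "scripted" approach mentioned in the guidance (not code from CMMC or Bold Coast Security), the sketch below takes indicators from an external feed and an internal source, normalizes and deduplicates them, and builds one list per consuming control. The field names, source names, and the `firewall`/`dns_resolver`/`edr` system names are assumptions, and all indicator values are constructed.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample feed entries (not real indicators); field names are assumptions.
FEED = [
    {"type": "ip", "value": "192.0.2[.]10", "source": "isac", "expires": "2030-01-01T00:00:00+00:00"},
    {"type": "ip", "value": "192.0.2.10", "source": "internal-ir", "expires": "2030-06-01T00:00:00+00:00"},
    {"type": "domain", "value": "Bad.Example[.]com.", "source": "isac", "expires": "2030-01-01T00:00:00+00:00"},
    {"type": "sha256", "value": "AB" * 32, "source": "internal-ir", "expires": "2030-01-01T00:00:00+00:00"},
    {"type": "domain", "value": "old.example.net", "source": "isac", "expires": "2020-01-01T00:00:00+00:00"},
    {"type": "ip", "value": "999.1.1.1", "source": "isac", "expires": "2030-01-01T00:00:00+00:00"},
]
# Which control consumes which indicator type (hypothetical system names).
ROUTES = {"ip": "firewall", "domain": "dns_resolver", "sha256": "edr"}

def normalize(ioc_type, value):
    """Refang and canonicalize one indicator; return None if it is malformed."""
    value = value.strip().replace("[.]", ".").lower()
    if ioc_type == "ip":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None
    if ioc_type == "domain":
        value = value.rstrip(".")
        return value if re.fullmatch(r"([a-z0-9-]{1,63}\.)+[a-z]{2,63}", value) else None
    if ioc_type == "sha256":
        return value if re.fullmatch(r"[0-9a-f]{64}", value) else None
    return None

def distribute(feed, now):
    """Build one deduplicated list per consuming system, dropping expired or invalid entries."""
    out = {system: {} for system in ROUTES.values()}
    rejected = []
    for entry in feed:
        value = normalize(entry["type"], entry["value"])
        if value is None or datetime.fromisoformat(entry["expires"]) <= now:
            rejected.append(entry["value"])
            continue
        # Same indicator from several sources: keep one entry, remember every source.
        out[ROUTES[entry["type"]]].setdefault(value, set()).add(entry["source"])
    return out, rejected

if __name__ == "__main__":
    lists, rejected = distribute(FEED, datetime.now(timezone.utc))
    print(lists, "rejected:", rejected)
```

Keeping the rejected entries and the contributing sources gives the practice-measurement side of Level 4 something to count: how many indicators arrived, how many were usable, and which systems received them.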