CMMC Practice SA.4.173
Design network and system security capabilities to leverage, integrate, and share indicators of compromise.
Bold Coast Security Guidance
For Level 4 compliance, an organization must have a very mature Threat Intelligence program with some automated components. Though there are some "off the shelf" systems that can deploy threat intelligence related to Indicators of Compromise, it's more likely that solutions will be scripted or performed manually. Practice, policy, plan and practice measurement are all required to achieve Level 4 compliance.
Sharing IoCs (Indicators of Compromise) to systems across an enterprise strengthens an organization’s ability to thwart adversaries. Designing an organization’s security architecture to integrate and share IoCs rapidly increases the likelihood of stopping an attack that is happening at machine speed. Machine speed attacks are attacks that are happening in real-time and use automation to increase the speed at which the attack spreads and performs actions. Effective sharing requires that intelligence services as well as internal resources process IoC information and provide it to the necessary systems in order to act on the information quickly.
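A scripted version of that processing step might look like the following. This is an added example, not part of the CMMC practice text or Bold Coast's own tooling. The feed contents, the routing of indicator types to consuming systems, the protected ranges and the confidence threshold are all assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timezone

FUTURE, PAST = "2030-01-01T00:00:00+00:00", "2020-01-01T00:00:00+00:00"  # constructed sample data below
EXTERNAL_FEED = [
    {"type": "ipv4", "value": "203.0.113.45", "confidence": 90, "expires": FUTURE},
    {"type": "domain", "value": "Bad.Example.", "confidence": 80, "expires": FUTURE},
    {"type": "ipv4", "value": "10.1.2.3", "confidence": 95, "expires": FUTURE},   # internal address
    {"type": "sha256", "value": "a" * 64, "confidence": 40, "expires": FUTURE},   # low confidence
]
INTERNAL_FINDINGS = [
    {"type": "ipv4", "value": "203.0.113.45", "confidence": 100, "expires": FUTURE},  # duplicate
    {"type": "sha256", "value": "AB" * 32, "confidence": 100, "expires": FUTURE},
    {"type": "domain", "value": "old.example", "confidence": 90, "expires": PAST},    # expired
]
ROUTES = {"ipv4": "firewall", "domain": "dns_filter", "sha256": "edr"}  # assumed consumers
PROTECTED = [ipaddress.ip_network(n) for n in  # assumed ranges that must never be blocked
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MIN_CONFIDENCE = 70  # assumed threshold
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def normalize(ioc):
    """Return the canonical indicator value, or None if it must not be shared."""
    kind, value = ioc["type"], ioc["value"].strip().lower().rstrip(".")
    if kind == "ipv4":
        try:
            ip = ipaddress.IPv4Address(value)
        except ValueError:
            return None
        return None if any(ip in net for net in PROTECTED) else str(ip)
    if kind == "domain":
        return value if DOMAIN_RE.match(value) else None
    if kind == "sha256":
        return value if re.fullmatch(r"[0-9a-f]{64}", value) else None
    return None  # unknown type: no consuming system can act on it

def build_distribution(sources, now):
    """Merge all sources into one deduplicated, sorted list per consuming system."""
    out = {consumer: set() for consumer in ROUTES.values()}
    for ioc in (i for src in sources for i in src):
        value = normalize(ioc)
        stale = datetime.fromisoformat(ioc["expires"]) <= now
        if value is None or stale or ioc["confidence"] < MIN_CONFIDENCE:
            continue
        out[ROUTES[ioc["type"]]].add(value)
    return {consumer: sorted(vals) for consumer, vals in out.items()}

if __name__ == "__main__":
    print(build_distribution([EXTERNAL_FEED, INTERNAL_FINDINGS], datetime.now(timezone.utc)))
```

The protected-range check matters as much as the routing: an automated pipeline that pushes an unvetted internal address to a firewall blocklist causes an outage at the same machine speed it was built to defend against.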