CMMC Practice SI.L2-3.14.3

Monitor system security alerts and advisories and take action in response.

Bold Coast Security Guidance

The US-CERT security alert mailing list is one of the easiest and most informative lists available. You can subscribe to it here: https://www.us-cert.gov/mailing-lists-and-feeds. Also. subscribe to any local or organizational ISAC's you may have identified in practice IR.4.100. Your policy will state that you are monitoring these lists, and identify the lists you subscribe to in your plan. Be sure to refer back to this list on a regular basis, every year or so, and be sure the information is still relevant to your organization, or if you should add to it, in order to meet maturity level 4.
Security Catapult

Be prepared for CMMC

Our Q&A assessment tool is designed by security advisors for MSPs and DoD contractors of all sizes.

Try now for free

Understand your gaps
Security Catapult

Understand your gaps

See compliance gaps, compliance scores and proactive security tasks in a single interface.

Try now for free

Validate NIST SP 800-171
Security Catapult

Validate NIST SP 800-171

Based on your CMMC answers, we let you know where you stand on NIST.

Try now for free

Build a plan of action
Security Catapult

Build a plan of action

Track your burn down and stay on top of security needs.

Try now for free

Build your policy
Security Catapult

Build your policy

Say goodbye to maintaining a security policy. We do it for you.

Try now for free

Discussion From Source

DRAFT NIST SP 800-171 R2 There are many publicly available sources of system security alerts and advisories. The United States Computer Emergency Readiness Team (US-CERT) generates security alerts and advisories to maintain situational awareness across the federal government and in non-federal organizations. Software vendors, subscription services, and relevant industry information sharing and analysis centers (ISACs) may also provide security alerts and advisories. Examples of response actions include notifying relevant external organizations, for example, external mission/business partners, supply chain partners, external service providers, and peer or supporting organizations. NIST SP 800-161 provides guidance on supply chain risk management.

References