CMMC Practices
Reference: CMMC 2.11
Family: RA
Level Introduced: 3
Title: Threat-Informed Risk Assessment
Practice:
Employ threat intelligence, at a minimum from open or commercial sources, and any DoD-provided sources, as part of a risk assessment to guide and inform the development of organizational systems, security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities.
NIST 800-172 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
Source: CMMC v2.0