CMMC 1.0 Practice IR.2.097 Requirement:

Perform root cause analysis on incidents to determine underlying causes.

CMMC 1.0 IR.2.097 Requirement Explanation:

Incidents offer valuable learning opportunities for improving your security posture. In most cases security incidents could have been prevented, you need to identify the security gaps that allowed the incident to occur.

Example CMMC 1.0 IR.2.097 Implementation:

After an incident is contained review it to identify how it happened and what can be done to prevent it from occurring again. This process should be documented and conducted by your incident response team with the input of relevant stakeholders.

CMMC 1.0 IR.2.097 Scenario(s):

- Scenario 1:

A user received a phishing email and clicked on the malicious link where he entered the user name and password to his account. As a result the attacker took control of the account. Thankfully your incident response team was able to regain control.

- Scenario 2:

Your incident response team conducted a root cause analysis and determined the cause of the incident to be a lack of user security awareness training. To prevent incident recurrence you decide to send security awareness emails to employees weekly and conducted phishing attack scenarios to prepare your users for similar attacks.

Discover Our Cybersecurity Complaince Solutions:


NIST SP 800-171 & CMMC Compliance

Whether you need to meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements, help your clients meet them, or verify sub-contractor compliance we have the expertise and solution for you.

HIPAA Compliance

Whether you need to meet and maintain your HIPAA compliance requirements or help your clients meet them we have the expertise and solution for you.