Today, our Vice President and Cyber Solutions Architect, Robert Hanley will discuss incident response, commonly referred to as IR. Remember, CMMC is about protecting controlled, unclassified information, or CUI. That includes “lim-dis” – limited distribution and FOUO, “for official use only”.
So, as a refresher, CMMC has five maturity levels with five being the most stringent. Contractors and subcontractors will all need to have the minimum level 1. Prime contractors will need minimum level 3. IR has level 2 and level 3 requirements but does not have level one requirements. It does have level four and level five, but today we’re only going to focus on what you need to get to that level three as a prime contractor. Incident response is geared towards protecting your organization’s information, as well as its reputation by developing and implementing an incident response infrastructure. Level two and level three are about documenting and managing processes as I described earlier. Read the full script.